BeyondTrust Patch Tuesday

October 09, 2012

Microsoft Patch Summary

This month, Microsoft released seven patches that repair a total of 20 vulnerabilities. Of these vulnerabilities, there were 16 remote code execution vulnerabilities, three elevation of privilege vulnerabilities, and one cross-site scripting vulnerability.

Administrators are advised to patch MS12-064 immediately to prevent exploitation by attackers. Administrators should then patch MS12-065, MS12-066, MS12-067, MS12-068, MS12-069, and MS12-070 as soon as possible. As always, BeyondTrust suggests that all users apply Microsoft patches as quickly as possible, preferably after testing the impact on internal applications and network continuity. For those who would like further information regarding the potential risks and remediation requirements of the patches announced today, please consider attending tomorrow's Vulnerability Expert Forum hosted by the BeyondTrust Security Research Team.

  • Web Event: Vulnerability Expert Forum (VEF)
  • Presenters: The BeyondTrust Research Team
  • Date/Time: Wednesday, Oct 10th
    1pm PT / 4pm ET / 9pm GMT

BULLETIN / ADVISORY DETAILS

MS12-064

Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2742319)


Microsoft Rating: Critical

CVE List: CVE-2012-0182 and CVE-2012-2528

Analysis:

This bulletin addresses two privately reported remote code execution vulnerabilities in Microsoft Word. The patch fixes a vulnerability that occurs when parsing PAPX sections in Word files. The patch also fixes a use-after-free vulnerability that occurs when parsing RTF files. An attacker who successfully exploited either of these vulnerabilities would gain user-level access to the target machine.

Recommendation:

Install the patch immediately to prevent exploitation by attackers. Until the patch can be applied, read emails in plain text. Block Office 2003 (and earlier) files that are not from trusted sources. Use the Microsoft Office Isolated Conversion Environment (MOICE) to open files from untrusted sources.

MS12-065

Vulnerability in Microsoft Works Could Allow Remote Code Execution (2754670)


Microsoft Rating: Important

CVE: CVE-2012-2550

Analysis:

This bulletin addresses a privately reported remote code execution vulnerability in Microsoft Works 9. The patch fixes a heap corruption vulnerability that occurs when parsing DOC files. An attacker who successfully exploited this vulnerability would gain user-level access to the target machine.

Recommendation:

Deploy patches as soon as possible; no reasonable mitigation is available.

MS12-066

Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2741517)


Microsoft Rating: Important

CVE: CVE-2012-2520

Analysis:

This bulletin addresses a publicly reported elevation of privilege vulnerability in the HTML Sanitization Component. The patch fixes a vulnerability that occurs when sanitizing HTML strings. An attacker who successfully exploited this vulnerability would be able to read content that they are not authorized to access, or perform actions on behalf of the victim within the context of the affected application.

Recommendation:

Deploy patches as soon as possible; no mitigation is available.

MS12-067

Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2742321)


Microsoft Rating: Important

CVE List: CVE-2012-1766, CVE-2012-1767, CVE-2012-1768, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, CVE-2012-3109, and CVE-2012-3110

Analysis:

This bulletin addresses 13 publicly reported remote code execution vulnerabilities in Microsoft FAST Search Server. The patch fixes multiple vulnerabilities in Oracle Outside In libraries, which are used by the Advanced Filter Pack to parse various file types. An attacker who successfully exploited these vulnerabilities could execute arbitrary code in the context of a user account with a restricted token.

Recommendation:

Deploy patches as soon as possible. Until the patch can be installed, run the AdvancedFilterPack PowerShell script with the "-disable" flag to disable the Advanced Filter Pack on FAST Search Server 2010 for SharePoint.

MS12-068

Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2724197)


Microsoft Rating: Important

CVE: CVE-2012-2529

Analysis:

This bulletin addresses a privately reported elevation of privilege vulnerability in the Windows kernel. The patch fixes an integer overflow vulnerability that occurs when improperly handling in-memory objects. A local attacker who successfully exploited this vulnerability would gain kernel-level access to the target machine.

Recommendation:

Deploy patches as soon as possible; no mitigation is available.

MS12-069

Vulnerability in Kerberos Could Allow Denial of Service (2743555)


Microsoft Rating: Important

CVE: CVE-2012-2551

Analysis:

This bulletin addresses a privately reported denial of service vulnerability in Kerberos. The patch fixes a null pointer dereference vulnerability that occurs when handling a specially crafted session. An attacker who successfully exploited this vulnerability would be able to cause the target system to restart.

Recommendation:

Deploy patches as soon as possible; no mitigation is available.

MS12-070

Vulnerability in SQL Server Could Allow Elevation of Privilege (2754849)


Microsoft Rating: Important

CVE: CVE-2012-2552

Analysis:

This bulletin addresses a privately reported elevation of privilege vulnerability in SQL Server. The patch fixes a reflected cross-site scripting vulnerability that occurs when the Report Manager SQL Server site fails to validate a request parameter. An attacker who successfully exploited this vulnerability would be able to execute client-side script on behalf of the user who opened the attacker's malicious link.

Recommendation:

Deploy patches as soon as possible. Until the patch can be installed, enable the XSS filter in Internet Explorer (available in versions 8 and higher).

Feedback

The BeyondTrust staff welcomes any comments, questions or suggestions from our readers. We hope that you will not hesitate to contact us with any feedback you may have. Send all feedback to communications@beyondtrust.com.

Disclaimer

The information within this advisory may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

Notice

Permission is hereby granted for the redistribution of this newsletter electronically. It is not to be edited in any way without the express consent of BeyondTrust. If you wish to reprint the whole or any part of this newsletter in any other medium excluding electronic medium, please email communications@beyondtrust.com for permission.