Microsoft to release seven bulletins
Posted on 05 October 2012.
Microsoft Security Bulletin Advance Notification for October 2012 contains seven bulletins, one critical and six rated as important.

It should be a relief to many that none of the bulletins requires immediate attention, as none of them address vulnerabilities being exploited in the wild; all were privately reported vulnerabilities. This means that there isn't any publicly known exploit code for this month's bulletin cycle.

Bulletin 1, marked as critical, is a vulnerability in Microsoft Office 2003, 2007, and 2010 as well as Word Viewer and Microsoft Office Web Apps. This vulnerability requires a victim to open a malicious file or even preview a malicious file in Outlook Web Access. This vulnerability could result in the complete compromise of a system if exploited.

Since this is an Office vulnerability this may affect both Windows and Macintosh users.

Microsoft will also be issuing an update this Tuesday that will deprecate the use of certificates with keys shorter than 1024 bits. This could result in headaches for organizations that still have legacy certificates in production. This weekend will be the last weekend to clean up legacy certificates before next Tuesday.

Per Microsoft, some known issues that customers may encounter after applying this update may include:
  • Error messages when browsing websites that have SSL certificates with keys that are less than 1024 bits
  • Problems enrolling for certificates when a certificate request attempts to utilize a key that is less than 1024 bits
  • Difficulties creating or consuming email (S/MIME) messages that utilize less than 1024 bit keys for signatures or encryption
  • Difficulties installing ActiveX controls that were signed with less than 1024 bit signatures
  • Difficulties installing applications that were signed with less than 1024 bit signatures (unless they were signed prior to January 1, 2010, which will not be blocked by default).
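
An added PowerShell example (not from the original article or from Microsoft) that inventories the local Windows certificate stores for certificates with keys under 1024 bits, so they can be reissued before the update lands. It checks RSA public keys only, which is an assumption of this example, and the function name `Get-WeakRsaCertificate` is hypothetical.

```powershell
# Added example, not Microsoft's tooling. Lists certificates in the local
# Windows certificate stores whose RSA public key is shorter than 1024 bits.
# Assumption: only RSA keys are checked; other key types are skipped.
function Get-WeakRsaCertificate {
    param(
        [string[]]$StorePath = @('Cert:\LocalMachine', 'Cert:\CurrentUser'),
        [int]$MinimumBits = 1024
    )
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    $rsaExt  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]

    Get-ChildItem -Path $StorePath -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        ForEach-Object {
            $cert = $_
            try   { $rsa = $rsaExt::GetRSAPublicKey($cert) }
            catch { return }                  # unreadable key: skip this certificate
            if ($null -eq $rsa) { return }    # not an RSA key
            $bits = $rsa.KeySize
            $rsa.Dispose()
            if ($bits -ge $MinimumBits) { return }

            # Enhanced key usages hint at which symptom to expect
            # (TLS server, S/MIME, code signing).
            $usages = $cert.Extensions |
                Where-Object { $_ -is $ekuType } |
                ForEach-Object { $_.EnhancedKeyUsages } |
                ForEach-Object { if ($_.FriendlyName) { $_.FriendlyName } else { $_.Value } }

            [pscustomobject]@{
                Store      = $cert.PSParentPath -replace '^.*::', ''
                Subject    = $cert.Subject
                Issuer     = $cert.Issuer
                KeyBits    = $bits
                NotAfter   = $cert.NotAfter
                Expired    = $cert.NotAfter -lt (Get-Date)
                Usages     = ($usages -join ', ')
                Thumbprint = $cert.Thumbprint
            }
        }
}

# Review the report before removing or reissuing anything.
Get-WeakRsaCertificate | Sort-Object Store, KeyBits | Format-Table -AutoSize
```

Because the scan includes the CA stores, a weak intermediate or root that would break an otherwise compliant chain shows up in the same report.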


Author: Marcus Carey, security researcher at Rapid7.




