Microsoft to release seven bulletins
Posted on 05 October 2012.
Microsoft Security Bulletin Advance Notification for October 2012 contains seven bulletins, one critical and six rated as important.

It should be a relief to many that none of the bulletins requires immediate attention, as none of them address vulnerabilities being exploited in the wild; all were privately reported vulnerabilities. This means that there isn’t any publicly known exploit code for this month’s bulletin cycle.

Bulletin 1, marked as critical, is a vulnerability in Microsoft Office 2003, 2007, and 2010 as well as Word Viewer and Microsoft Office Web Apps. This vulnerability required a victim to open up a malicious file or even preview a malicious file in Outlook Web Access. This vulnerability could result in the complete compromise of a system if exploited.

Since this is an Office vulnerability this may affect both Windows and Macintosh users.

Microsoft will also be issuing an update this Tuesday that will deprecate the use of certificates that are less than 1024 bit encrypted. This could result in headaches for organizations who still have legacy certificates in production. This weekend will be the last weekend to clean up legacy certificates before next Tuesday.

Per Microsoft, some known issues that customers may encounter after applying this update may include:
  • Error messages when browsing websites that have SSL certificates with keys that are less than 1024 bits
  • Problems enrolling for certificates when a certificate request attempts to utilize a key that is less than 1024 bits
  • Difficulties creating or consuming email (S/MIME) messages that utilize less than 1024 bit keys for signatures or encryption
  • Difficulties installing Active X controls that were signed with less than 1024 bit signatures
  • Difficulties installing applications that were signed with less than 1024 bit signatures (unless they were signed prior to January 1, 2010, which will not be blocked by default).


Author: Marcus Carey, security researcher at Rapid7.





Spotlight

Intentional backdoors in iOS devices uncovered

Posted on 22 July 2014.  |  A researcher has revealed that Apple has equipped its mobile iOS with several undocumented features that can be used by attackers and law enforcement to access the sensitive data contained on the devices running it.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Jul 23rd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //