Software

Patch Tuesday October 2012 – More Microsoft Word Spearphish Risks

Today’s Microsoft updates include a few fixes for remote code execution, and several fixes for escalation of privilege and denial of service flaws. The priority for both general folks and corporate customers running Windows and Office will be to roll out MS12-064 effecting Microsoft Office immediately. Vulnerability CVE-2012-2528 and CVE-2012-0182 is patched by this bulletin, and -2528 predictably will be attacked with more malformed rtf formatted documents. These sorts of files have been delivered with a .doc extension, previously exploiting CVE-2012-0158. This 0158 vulnerability has been heavily exploited with spearphish in a large variety of serious targeted attacks this summer. Accordingly, expect to see more of this new vulnerability exploited with spearphish from the APT. Another vulnerability in Word is being patched, but is comparably difficult to reliably exploit.

Microsoft is also releasing a bulletin for a vulnerability in Microsoft Works. This code exposes a heap overflow but is a much lower priority because of the level of difficulty in building a reliable exploit.

Another major problem, but not anywhere near as serious, is within Microsoft Sharepoint, InfoPath, and the Microsoft Office WebApps service. A person could craft malicious content and send it to a user, sending just enough data to elevate their privileges to admin on the system.

Depending on your environment, you may look into the other handful of patches immediately. Microsoft presents October’s MS SQL, Kerberos, and Kernel Bulletins here.

Patch Tuesday October 2012 – More Microsoft Word Spearphish Risks

Your email address will not be published. Required fields are marked *

 

Reports

BlindEagle flying high in Latin America

Kaspersky shares insights into the activity and TTPs of the BlindEagle APT, which targets organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries.

APT trends report Q2 2024

The report features the most significant developments relating to APT groups in Q2 2024, including the new backdoor in Linux utility XZ, a new RAT called SalmonQT, and hacktivist activity.

Subscribe to our weekly e-mails

The hottest research right in your inbox