Patch Analysis for October 2012

OK, this is an interesting month of patches – and not your usual month of primarily workstation patches. There are some patches that affect workstations though, but they also affect SharePoint and Groove servers – basically any apps that work with documents. So besides Office that includes Groove, Lync, Infopath, etc. There’s also a FAST search server (a component of SharePoint) patch that you might be able to work around. Then there’s a weird Kerberos-based denial-of-service vulnerability. Microsoft indicates it affects the “Kerberos server” which to me says “domain controller” but the patch is for both Windows Server and Windows 7… Finally there is a patch for SQL Server in Report Manager. This is an XSS (cross-site scripting) vulnerability and those are always tricky to get your head around because they can be prevented on the server and web client. Of course you need to prevent it at the server, primarily.
 
The 2 that you should jump on first are MS12-066 and MS12-067 because their exploit details are public and at least MS12-066 is already being exploited.
Before I take you to the chart for this month’s patches, here’s a quick note about a useful and free tool from Lumension that assesses and prioritizes your vulnerabilities by criticality and delivers actionable information through an intuitive user interface, where users can easily create a variety of PDF-based reports about vulnerabilities for your OS, applications, policies and security configurations. It scans up to 25 nodes which is a good sample size to gauge the security of your systems. The scanner is located here at Lumension.
And check out Lumension Patch and Remediation for multi-vendor, multi-platform patch management that’s a part of a much larger, single-agent, single pane-of-glass endpoint security management solution.
BulletinExploit Types
/Technologies Affected
System Types AffectedExploit
details public?
/ Being exploited?
Comprehensive,
practical
workaround
available?
MS severity ratingProducts AffectedNotesRandy's recommendation
MS12-068

2724197
Privilege elevation

/ Windows
Workstations
Terminal Servers
No/NoNoImportant XP
Vista
Server 2003
Server 2008
Server 2008 R2
Windows 7
Restart Req'dPatch after testing
MS12-066

2741517
Privilege elevation

Workstations
Servers
Sharepoint Servers
Yes/YesNoImportant SharePoint Services 3.0
SharePoint Foundation 2010
SharePoint Server 2007
Groove Server 2010
Web Apps
SharePoint Server 2010
Lync 2010
Communicator 2007 R2
InfoPath 2010
InfoPath 2007
HTML SanitizationPatch after testing
MS12-064

2742319
Arbitrary code

/ Office Word
Workstations
Servers
Sharepoint Servers
No/NoNoCritical Office 2003
Office 2007
Word Viewer
Office Compatibility Pack
Office 2010
Office Web Apps 2010
SharePoint Server 2010
RTF Rich Text File parsingPatch after testing
MS12-067

2742321
Arbitrary code

/ Fast Search Server
Sharepoint Servers
Yes/NoYesImportant Fast Search Server 2010
Only vulnerable if Advanced Filter Pack enabled (disabled by default)Apply Workaround; Patch after testing
MS12-069

2743555
Denial of service

/ Kerberos
Workstations
Servers
No/NoNoImportant Server 2008 R2
Windows 7
Restart Req'dPatch after testing
MS12-065

2754670
Arbitrary code

/ Works Converters
Workstations
Terminal Servers
No/NoNoImportant Works 9
 Patch after testing
MS12-070

2754849
Privilege elevation

/ SQL Server Report Manager
SQL Servers
No/NoNoImportant SQL Server 2000
SQL Server 2005
SQL Server 2008
SQL Server 2008 R2
SQL Server 2012
cross-site scripting (XSS) vulnerabilityPatch after testing

Receive Randy's same-day, independent analysis each Patch Tuesday

Email:
We will not share your address. Unsubscribe anytime. 

"Thank you. I am very glad I subscribed to this newsletter.  Relevant content clearly and concisely. Finally!!!"

- John K.

"I really like the Fast Facts on this Month's Microsoft Security Bulletins. Do you keep old copies? If yes, please let me know how I can access them?"

-Susan D.

"Thanks, Randy. Your regular updates have streamlined my monthly patching. Much appreciated,"

-  Steve T.

"Really appreciate your patch observor. In the corporate IT world, anything we can get our hands on that speeds the process of analyzing threats and how they may or may not apply to our environments is a God-send. Thanks so much for your efforts."

- Tess G.

"Many thanks for this Randy"

- Roger G.

"The chart is a REAAALLY good idea :)"

- Phil J.

"I like the table. Your insight is very valuable. "

Tom C.

"I liked your high level overview of patches in the table. There are so many sources of patch information which can be very specific or surrounded by other stuff that it’s refreshing to get everything summarised like this. The “Randy’s Recommendation” comment is useful starting point too. Please keep up the good work."

- David A.

"Your Patch Observer is a very good tool in making the decision whether to patch or not to patch. And also to patch asap or to wait a while before patching. Also I do think the use of the table is realy improving the readability of the provided information."

- Gerard T.