Home Security Microsoft's Patch Tuesday delivers Something for everyone

Microsoft released seven security bulletins overnight, addressing a total of 20 vulnerabilities. Only one of the bulletins is rated critical, and there are also wide-ranging non-security updates this month - only Microsoft's Mac customers miss out.

Heading the list of security updates from Microsoft this month is one rated critical for Microsoft Word.

The update takes care of two vulnerabilities, one of which is rated critical as its allows the use of a maliciously crafted RTF file to cause remote code execution. All currently supported versions of Office are affected.

The remaining six bulletins are all rated important.

An update to Microsoft Works 9 addresses an issue that allows a maliciously crafted Word file to cause remote code execution.

All currently supported versions of Windows except Windows 8 and Windows Server 2012 are affected by a kernel issue that can be exploited by running a malicious program to elevate the user's privileges.

Windows 7 and Windows Server 2008 R2 are affected by a vulnerability in the Kerberos server that can be exploited in a denial of service attack by sending a maliciously crafted session request.

A publicly disclosed vulnerability in Microsoft Office, Microsoft Communications Platforms, Microsoft Server software, and Microsoft Office Web Apps could allow elevation of privilege by sending maliciously crafted HTML.

Affected versions are InfoPath 2007 SP2 and SP3, InfoPath 2010 SP1, SharePoint 2007 SP2 and SP3, SharePoint 2010 SP1, Groove 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, Office Web Apps 2010 SP1, Communicator 2007 R2, and Lync 2010 and Lync 2010 Attendee.

Multiple remote code execution vulnerabilities have been publicly disclosed concerns the FAST Search Server 2010 for SharePoint, but they rely on the Advanced Filter Pack which is disabled by default.

Finally for this month, many versions of SQL Server have been patched to protect against a cross-site-scripting vulnerability that could be used to elevate privileges.

Affected are SQL Server 2000 Reporting Services SP2, SQL Server 2005 Express Edition with Advanced Services Pack 4, SQL Server 2005 SP4, SQL Server 2008 SP2 and SP3, SQL Server 2008 R2, and SQL Server 2012.

In related news, Microsoft released the traditional update for the Malicious Software Removal Tool, an update for the Camera Codec Pack for Windows 8 and Windows RT, and assorted non-security updates for Windows XP, Windows Vista, Windows 7, Windows 8, Windows Server 2003, Windows Server 2008 R2 and Windows Server 2012.

And earlier this week Microsoft released an update for Adobe Flash Player in Internet Explorer 10 on Windows 8 and Windows Server 2012 to address various unspecified vulnerabilities.

As with Google Chrome, Flash Player is integrated with Internet Explorer 10 rather than being an external component. Microsoft has been criticised for failing to release the Flash update as soon as it was released by Adobe last month.

A DINNER WITH YOW! SPEAKERS - CELEBRATING 10 YEARS

It's YOW's 10th anniversary this year and we would like to celebrate with you. YOW! proudly invites you to join us at Celebrating 10 years of YOW! – Dinner with Speakers.

An intimate networking experience, YOW! Dinner with Speakers offers attendees the opportunity to gain industry and career insights on a more personal level with YOW! speakers from the 2018 conference.

An intimate networking experience, YOW! Dinner with Speakers offers attendees the opportunity to gain industry and career insights on a more personal level with YOW! speakers from the 2018 conference.

Book a table of 10, bring a friend, or come by yourself and make new friends!

Register now for YOW! Dinner with Speakers:

· Sydney on Thursday November 29
· Brisbane on Tuesday December 3
· Melbourne on Thursday December 6

REGISTER NOW!

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

10 SIMPLE TIPS TO PROTECT YOUR ORGANISATION FROM RANSOMWARE

Ransomware attacks on businesses and institutions are now the most common type of malware breach, accounting for 39% of all IT security incidents, and they are still growing.

Criminal ransomware revenues are projected to reach $11.5B by 2019.

With a few simple policies and procedures, plus some cutting-edge endpoint countermeasures, you can effectively protect your business from the ransomware menace.

DOWNLOAD NOW!

Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

 

Popular News

 

Telecommunications

 

Sponsored News

 

 

 

 

Connect