
Word, Kerberos vulnerabilities highlight busy October Patch Tuesday

Jeremy Stanley

In October's Patch Tuesday announcement, Microsoft patched vulnerabilities in seven security bulletins and released a cumulative update for Windows 8 and Windows Server 2012.

All supported versions of Windows Server up to Windows Server 2008 R2 have been patched. One particular vulnerability involves Kerberos authentication and, if exploited, could result in a denial of service in which the server restarts itself.

Another vulnerability, in the Windows kernel in recent editions of Windows, could also be exploited. However, it would be more difficult to pull off such an exploit because an attacker would need to develop a virus, said Jason Miller, a member of Shavlik Technologies' Patch Patrol team.

The month's lone critical patch deals with a vulnerability in Microsoft Word in recent editions of Office software. This is important if users run recent versions of Outlook because Microsoft Word is used to render emails in the client.

The company recommends applying the patch immediately using WSUS or other services.

Another patch dealing with a vulnerability in SharePoint's FAST search stems from Oracle's Outside In libraries, something that received attention earlier this year.

Update déjà vu: human error leads to patch rereleases

Microsoft will rerelease a number of its patches that included certificates that lack the appropriate timestamp.

Microsoft noted the original patches still protect against the vulnerabilities.

On Tuesday, Microsoft rereleased five bulletins from the month of August, three of them critical updates.

If these updates reappear in WSUS or another patch manager, Miller said it's best to apply them as they appear.  

Miller said the seven bulletins in October, plus these rereleased patches and an Internet Explorer patch that was released in mid-September, might keep admins busy.

"It could be quite a large patch day," Miller said.

No security updates for Windows Server 2012, Windows 8

Still missing from the Patch Tuesday proceedings are Windows Server 2012 and its desktop brother, Windows 8.

Given that the server product has only been out for a month and Windows 8 hasn't seen retail availability, Miller wasn't shocked.

Miller pointed to the trend that both Windows Vista and Windows Server 2008 were absent from security bulletins for about four months after the products hit general availability.

If admins are running any software -- like Office 2010 -- it will need to be patched, Miller said.

While there were no security updates for Windows Server 2012 or Windows 8, the company did release a cumulative update in time for the release of Windows 8. Most of the fixes in this update pertain to the desktop version, which promises improved driver support and power efficiency for better battery life on notebooks. 

