Light Patch Batch -- Redmondmag.com

Barney's Blog

Light Patch Batch

This month's Patch Tuesday is almost shockingly small with just one "critical" flaw. The flaw is yet another remote code execution (RCE) hole. This time the lure is a Rich Text file that, if opened or just viewed, can give the hacker your user privileges. The good news is it hasn't been exploited yet -- so if you haven't installed the patch you still have time. Experts, however, believe there are those that are working on attacks as we speak, so don't dilly dally too long.

There were also six important bulletins, including more RCE flaws, an elevation of privilege issue, a cross scripting flaw and a denial-of-service problem.

How does Microsoft's very public patching approach compare to other vendors? Answers welcome at [email protected].

Posted by Doug Barney on 10/10/2012 at 1:19 PM

Featured

Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.
Fallout from Microsoft's 'Midnight Blizzard' Saga Hits Feds

When the Russian attack group Midnight Blizzard successfully breached Microsoft corporate e-mail accounts late last year, it apparently managed to steal U.S. government agency e-mails, too.
PowerShell Script Used in Phishing Attack May Be AI-Generated

A PowerShell script being used in a novel malware campaign may have been created by AI, according to security researchers at Proofpoint.