Barney's Blog

Blog archive

Light Patch Batch

This month's Patch Tuesday is almost shockingly small with just one "critical" flaw. The flaw is yet another remote code execution (RCE) hole. This time the lure is a Rich Text file that, if opened or just viewed, can give the hacker your user privileges. The good news is it hasn't been exploited yet -- so if you haven't installed the patch you still have time. Experts, however, believe there are those that are working on attacks as we speak, so don't dilly dally too long.

There were also six important bulletins, including more RCE flaws, an elevation of privilege issue, a cross scripting flaw and a denial-of-service problem.

How does Microsoft's very public patching approach compare to other vendors? Answers welcome at [email protected].

Posted by Doug Barney on 10/10/2012 at 1:19 PM


Featured

comments powered by Disqus

Subscribe on YouTube

Upcoming Training Events

0 AM
Live! 360 Orlando
November 17-22, 2024
TechMentor @ Microsoft HQ
August 11-15, 2025