Light Patch Batch
This month's Patch Tuesday is almost shockingly small with just one "critical" flaw. The flaw is yet another remote code execution (RCE) hole. This time the lure is a Rich Text file that, if opened or just viewed, can give the hacker your user privileges. The good news is it hasn't been exploited yet -- so if you haven't installed the patch you still have time. Experts, however, believe there are those that are working on attacks as we speak, so don't dilly dally too long.
There were also six important bulletins, including more RCE flaws, an elevation of privilege issue, a cross scripting flaw and a denial-of-service problem.
How does Microsoft's very public patching approach compare to other vendors? Answers welcome at firstname.lastname@example.org.
Posted by Doug Barney on 10/10/2012 at 1:19 PM