Microsoft is out with its October Patch Tuesday update, fixing 20 security issues and enforcing a new level of security with an RSA key strength update.
Only one of the October Patch Tuesday bulletins carries a Critical rating this month. MS12-064 details a pair of vulnerabilities in Microsoft Word 2003, 2007 and 2010 that could potentially lead to remote code execution. Microsoft describes one of the vulnerabilities as a remote code execution vulnerability that involves how Microsoft Word handles specially crafted Word files. The second vulnerability is a use-after-free issue that can be exploited if a user opens or previews a specially crafted RTF file.
"The RTF bug in Microsoft Word warrants special attention since users can be exploited simply by previewing a malicious RTF file in Outlook," said Andrew Storms, director of security operations for nCircle. "Security teams should prioritize, distribute and install this fix as soon as possible."
Microsoft Works is also being tagged this month for a remote code execution issue that could be triggered by Microsoft Word.
"The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Word file using Microsoft Works," Microsoft warned. "An attacker who successfully exploited this vulnerability could gain the same user rights as the current user."
A vulnerability Microsoft ranks as Important involves HTML sanitization and could potentially lead to elevation of privilege exploits on Microsoft Office, Microsoft Communications Platforms, Microsoft Server software, and Microsoft Office Web Apps.
"The vulnerability could allow elevation of privilege if an attacker sends specially crafted content to a user," Microsoft warned in its advisory.
An Elevation of Privilege risk is also being fixed in SQL Server. The risk comes from a cross-site-scripting (XSS) vulnerability that could enable arbitrary commands to be executed with SQL Reporting Services (SSRS). Microsoft warns that an attacker could exploit this vulnerability by sending a specially crafted link to the user and convincing the user to click the link, or by hosting a webpage designed to exploit the vulnerability.
"In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability," Microsoft stated in its advisory.
The Windows Kernel itself is also at risk from an elevation of privilege attack, thanks to an integer overflow vulnerability.
"An elevation of privilege vulnerability exists when the Windows kernel improperly handles objects in memory," Microsoft warns. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights."
1024 Bit Keys
As part of the Patch Tuesday update, Microsoft is now pushing out an update to enforce the use of 1024-bit RSA keys. The idea behind increasing the key length is to reduce the risk from lower integrity keys that have been used in the past.
"The private keys used in these certificates can be derived and could allow an attacker to duplicate the certificates and use them fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks," Microsoft stated in its advisory.