Reference: CERT-EU Security Advisory 2012-0120

Title: Microsoft Security Updates

Version history:
10.10.2012 Initial publication

CERT-EU has received notification from Microsoft on a number of new security updates which were released on October 09, 2012. This advisory is intended to help you plan for the deployment of these security updates more effectively.

Please note that the list of affected software shown below is an abstract. The full list of affected components can be found at http://technet.microsoft.com/security/bulletin/ms12-oct.

Microsoft's security content posted to the web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft's web-based security content, the information in Microsoft's web-based security content is authoritative.

==================================
NEW SECURITY BULLETINS
==================================

MS12-064
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2742319)
Max Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Word 2003, Word 2007, Word 2010, Word Viewer, Office Compatibility Pack, SharePoint Server 2010, and Office Web Apps 2010.
http://technet.microsoft.com/security/bulletin/MS12-064

=================================

MS12-065
Vulnerability in Microsoft Works Could Allow Remote Code Execution (2754670)
Max Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft Works 9
http://technet.microsoft.com/security/bulletin/MS12-065

=================================

MS12-066
Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2741517)
Max Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: May require restart
Affected Software: Microsoft InfoPath 2007, InfoPath 2010, Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, SharePoint Server 2007, SharePoint Server 2010, Groove Server 2010, Windows SharePoint Services 3.0, SharePoint Foundation 2010, and Office Web Apps 2010.
http://technet.microsoft.com/security/bulletin/MS12-066

=================================

MS12-067
Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2742321)
Max Severity Rating: Important
Vulnerability Impact: Remote Code Execution
Restart Requirement: May require restart
Affected Software: Microsoft FAST Search Server 2010 for SharePoint
http://technet.microsoft.com/security/bulletin/MS12-067

=================================

MS12-068
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2724197)
Max Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: Requires restart
Affected Software: Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
http://technet.microsoft.com/security/bulletin/MS12-068

=================================

MS12-069
Vulnerability in Kerberos Could Allow Denial of Service (2743555)
Max Severity Rating: Important
Vulnerability Impact: Denial of Service
Restart Requirement: Requires restart
Affected Software: Windows 7 and Windows Server 2008 R2.
http://technet.microsoft.com/security/bulletin/MS12-069

=================================

MS12-070
Vulnerability in SQL Server Could Allow Elevation of Privilege (2754849)
Max Severity Rating: Important
Vulnerability Impact: Elevation of Privilege
Restart Requirement: May require restart
Affected Software: Microsoft SQL Server 2000 Reporting Services, SQL Server 2005, SQL Server 2008, SQL Server 2008 R2, and SQL Server 2012.
http://technet.microsoft.com/security/bulletin/MS12-070

==================================
NEW SECURITY ADVISORY
==================================

This alert is to notify you that on October 09, 2012, Microsoft released Security Advisory 2749655 - Compatibility Issues Affecting Signed Microsoft Binaries - to discuss issues involving specific digital certificates that were generated by Microsoft without proper timestamp attributes. See Security Advisory 2749655 for more details.
http://technet.microsoft.com/security/advisory/2749655

As part of resolving this issue, Microsoft will rerelease security updates that are affected by this issue. The list of security bulletins being rereleased for this issue on October 9, 2012, includes:

MS12-053: Microsoft rereleased the KB723135 update for Windows XP.
http://technet.microsoft.com/security/bulletin/MS12-053

MS12-054: Microsoft rereleased the KB2705219 update for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
http://technet.microsoft.com/security/bulletin/MS12-054

MS12-055: Microsoft rereleased the KB2731847 update for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
http://technet.microsoft.com/security/bulletin/MS12-055

MS12-058: Microsoft rereleased the KB2731847 update for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
http://technet.microsoft.com/security/bulletin/MS12-058

Please review each respective security bulletin for more details.

==================================
REVISED SECURITY ADVISORY
==================================

This alert is to notify you that Microsoft has revised two previously published security advisories on October 09, 2012.

SECURITY ADVISORY 2661254
=========================

Security Advisory 2661254 - Update For Minimum Certificate Key Length - was updated on October 09, 2012. Previously Microsoft made the update that restricts the use of certificates with RSA keys less than 1024 bits in length available for download on the Microsoft download center. The security advisory was revised on October 09, 2012, to announce that the KB2661254 update for all supported releases of Microsoft Windows is now offered through automatic updating. The advisory revision also rereleases the KB2661254 update for Windows XP. Customers who previously applied the KB2661254 update do not need to take any action. See Security Advisory 2661254 for further details.

SECURITY ADVISORY 2737111
=========================

Security Advisory 2737111 - Vulnerabilities in Microsoft Exchange and FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution - was updated to reflect the publication of security bulletin MS12-067 to address the vulnerabilities discussed in this security advisory.

RECOMMENDATIONS
==================================

Review Microsoft Security Advisory 2661254, security advisory 2737111, and associated content for details on affected components, mitigating factors, suggested actions, frequently asked questions (FAQ), and links to additional resources.

ADDITIONAL RESOURCES
==================================

Security Advisory 2661254 - Update For Minimum Certificate Key Length - http://technet.microsoft.com/security/advisory/2661254

Security Advisory 2737111 - Vulnerabilities in Microsoft Exchange and FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution - http://technet.microsoft.com/security/advisory/2737111

Microsoft Security Bulletin MS12-067 - Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution - http://technet.microsoft.com/security/bulletin/MS12-067

Security Advisory 2749655 - Compatibility Issues Affecting Signed Microsoft Binaries - http://technet.microsoft.com/security/advisory/2749655

Microsoft Security Response Center (MSRC) Blog: http://blogs.technet.com/msrc

Security Research & Defense (SRD) Blog: http://blogs.technet.com/srd

Best Regards,

CERT-EU (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html