Patch Tuesday October 2012 – More Microsoft Word Spearphish Risks
Today’s Microsoft updates include a few fixes for remote code execution, and several fixes for escalation of privilege and denial of service flaws. The priority for both general folks and corporate customers running Windows and Office will be to roll out MS12-064 effecting Microsoft Office immediately. Vulnerability CVE-2012-2528 and CVE-2012-0182 is patched by this bulletin, and -2528 predictably will be attacked with more malformed rtf formatted documents. These sorts of files have been delivered with a .doc extension, previously exploiting CVE-2012-0158. This 0158 vulnerability has been heavily exploited with spearphish in a large variety of serious targeted attacks this summer. Accordingly, expect to see more of this new vulnerability exploited with spearphish from the APT. Note that another vulnerability in Word is being patched within the same Bulletin, but is comparably difficult to reliably exploit.
Microsoft is also releasing a bulletin for a vulnerability in Microsoft Works. This code exposes a heap overflow but is a much lower priority because of the level of difficulty in building a reliable exploit.
Another major problem, but not anywhere near as serious, is within Microsoft Sharepoint, InfoPath, and the Microsoft Office WebApps service. A person could craft malicious content and send it to a user, sending just enough data to elevate their privileges to admin on the system.
Depending on your environment, you may look into the other handful of patches immediately. Microsoft presents October’s MS SQL, Kerberos, and Kernel Bulletins here.