7 Security Bulletins Address 20 Issues; System Center 2012 UR3; Exchange 2010/2007 UR's; NEAT Cards Released!


On October 9, Microsoft released seven updates to fix one critical and six important bugs in Windows, Office and some other products in its software family. "Customers should plan to install all of these updates as soon as possible," MSRC stated.

The seven bulletins address 20 issues found in Microsoft Windows, SQL Server, and Office including SharePoint, Lync, Microsoft Works (which reaches the end of its support lifecycle this week) and InfoPath.

"This security update resolves two issues in Microsoft Office. This bulletin has a severity rating of Critical and can result in remote code execution. Only one of the two issues addressed by this bulletin is rated Critical, but in that case, an attacker could run code in the context of the logged-on user if they were to open a specially crafted Rich Text Format (RTF) file or previews or open a specially crafted RTF email message," a Microsoft statement reads.

In addition, System Center 2012 Update Rollup 3 (UR3) has been released today; it provides updates for Service Manager, Data Protection Manager, and Operations Manager. This also marks the first time that Data Protection

You can find more details and instructions for obtaining and installing the update rollup in the associated KB article, KB 2756127.

Also, the update in Security Advisory 2749655 addresses an issue in which digital signatures on files produced and signed by Microsoft will expire prematurely. "The update addresses potential compatibility issues due to a signature timestamp on valid files expiring before it should. This advisory will improve your overall security profile, rather than addressing an issue in a specific product," MSRC stated.

The re-released Exchange 2010 SP2 RU4 includes the following additional fix: 2756987 Only one result is returned after you click "view all results" in Outlook 2010 or in Outlook 2013 in an Exchange Server 2010 environment.

Microsoft's SDL team today released "Necessary, Explained, Actionable, and Tested (NEAT) Cards."

"Previously, we blogged about "Adding Usable Security to the SDL." Feedback as we hand out the cards at a variety of conferences has been amazingly positive. We wanted to make it easier for folks outside of Microsoft to take advantage of NEAT, and so today, we're putting those cards under a CC-BY license so you can print your own," the SDL team posted.

Download a high-resolution PDF of the cards and the NEAT whitepaper here.


Below is the October 2012 security deployment priority guidance:

[Image: Microsoft October 2012 security update deployment priority guidance]

The risk and impact graph shows an aggregate view of this month's severity and exploitability index:

[Image: Microsoft October 2012 security update: severity and exploitability index]


Interested in the history of the Microsoft Office productivity suite? The infographic below covers the history of Microsoft Office, starting from Office 1.0 up to Office 2013:

Infographic: The History of Microsoft Office - Office 1.0 to Office 2013