It's an exciting time for the folks at Microsoft (News - Alert) as the company prepares to launch a number of new, important products. For one thing Windows 8 is close to making its official debut, marking the company's first serious play for the tablet market, as well as the most radical change to the Windows desktop operating system perhaps ever. Meanwhile, Windows 8's mobile counterpart, the Windows Phone (News - Alert) 8, is set to launch at the end of the month. Even in the midst of all this, though, the email hosting provider still has to handle more banal tasks — like patches.
Today is October Patch Tuesday, fixing a total of 20 vulnerabilities in Windows, Office, Lync, SharePoint, Groove Server and SQL Server, including SQL Server 2000, 2005, 2008 and 2012. And, while there are a number of important updates, only one is rated as critical. According to Microsoft, this critical update will fix a security issue in Word.
"Today we’re providing advance notification of the release of seven bulletins, one Critical and six Important, which address 20 vulnerabilities for October 2012. The Critical bulletin addresses vulnerabilities in Microsoft Word. The six Important-rated bulletins will address issues in Windows, Microsoft Office, and SQL Server. This release will also address the issue in FAST (News - Alert) Search Server first described in Security Advisory 2737111," said Dustin Childs of Microsoft, in a statement.
The FAST Search Server bug has been a known issue since July and also appeared in the Microsoft Exchange Server. A security advisory at the time stated that the vulnerabilities are due to the way files are parsed by Oracle (News - Alert) Outside, a product which is capable of accessing, transforming and controlling the contents of a number of unstructured file formats. At its most severe, with Microsoft Exchange Server 2007 and Microsoft Exchange Server 2010, this issue could allow an attacker to take control of the server process that is "parsing a specially crafted file."
Edited by Jamie Epstein