Seven security updates are scheduled for Microsoft Patchday. One of them is considered critical and closes two vulnerabilities in various Microsoft Office Word components. Microsoft classifies the remaining six patches as important.
Security Bulletin MS12-064 is meant to close two vulnerabilities in Microsoft Office. In the worst case, one of them makes it possible to execute external code on an affected system (remote code execution).
In this way the attacker gains the rights of the currently logged-in user. For this to happen, the user must open or preview a specially crafted document in Rich Text Format (RTF).
This vulnerability is rated critical in the 32- and 64-bit versions of Microsoft Office 2010 Service Pack 1 (SP1) and Office 2007 SP2 and SP3. There is a high risk for Office 2003 SP3, the Microsoft Word Viewer and the Office Compatibility Pack with SP2 and SP3.
Two of the manufacturer’s server solutions are also affected: Microsoft SharePoint Server 2010 SP1 and Office Web Apps 2010 SP1. However, both Mac owners and users of Microsoft Works 9 have nothing to fear.
More updates for SharePoint servers
Works users, however, must install security update MS12-065, which closes a similar remote code execution vulnerability. In this case, any Word document can serve as the basis for an attack. Even so, Microsoft classifies this vulnerability “only” as important.
Microsoft also addresses other vulnerabilities in SharePoint with security bulletins MS12-066 and MS12-067. The first of these updates also affects companies using Microsoft InfoPath, the Lync communication platform, Groove Server, or Office Web Apps.
Security update MS12-068 fixes a vulnerability in the Windows kernel. Apparently, all supported Windows versions are vulnerable except for Windows 8 and Server 2012. The Kerberos network service in Microsoft’s server solutions is also plagued by a vulnerability, which the Microsoft patch MS12-069 is meant to remedy.
The last vulnerability allows cross-site scripting attacks on various versions of Microsoft SQL Server. However, SQL Server Reporting Services must be enabled in this case. To exploit the vulnerability, the attacker would have to get a user of the vulnerable website to click on a manipulated link. Microsoft wants to fix the problem with security bulletin MS12-070.
To prepare for the worst, cloud architects face two different problems at scale at any given time. First, if something unexpected and undesired happens, how can business operations continue as if nothing had happened? Second, if something unexpected and undesired happens and operations cannot continue as usual, how can the architecture be brought up someplace else within a reasonable window of time so that operations resume as usual?
In these terms we can discuss:
– Continue business as usual in the face of an outage
– Resume business as usual in the shortest time possible in the face of an unrecoverable outage
The first is covered by high availability, and the second is covered by disaster recovery. Here, we will look at high availability.