Microsoft has released its Advanced Notification for October 2012. After last months release of only two patches, many people expected a huge release this month but it looks we got lucky with only seven bulletins this month with only one of those listed as critical. Not as lucky as last months two bulletins but a far cry from the all time high of seventeen.
The seven bulletins this month break down into three Remote Code Executions, three Elevation of Privileges and one Denial of Service. Applications affected are Microsoft Office 2003, 2007, and 2010 and maybe Office for OSX, Server Software, including Sharepoint, Lync, Windows itself and even SQL Server. Two of the bulletins are listed as definitely requiring a restart and the rest say they might require a restart.
Based on what we know right now the two bulletins for Lync and SQL Server seem to be the most interesting. If you are unfamiliar with Lync, it's Microsoft corporate messaging solution that is integrated into Office. We haven’t seen a lot of vulnerabilities in Lync yet and this one may indicate a change of focus by some researchers. With SQL being as widespread and important as it is, any vulnerability in that package is definitely interesting.
Don’t forget this month will also see an update from Microsoft that will prevent the use of 512 bit certificates that we wrote about last month. If you have any legacy systems still in production which the Trustwave Global Security Report says that at least 1% of you do, this update may cause you some headaches.