(LiveHacking.Com) – Microsoft has released its advanced notification for October’s Patch Tuesday. This month, Microsoft will release seven bulletins, one Critical and six Important. The Critical bulletin will fix vulnerabilities in Microsoft Word while the six Important-rated bulletins will fix vulnerabilities in Windows, Microsoft Office, and SQL Server.
Included in the patches is a fix for the vulnerabilities in the FAST Search Server which are caused by Oracle’s Outside In libraries. The libraries are used in Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, and the FAST Search Server 2010 for SharePoint. The Outside In libraries were updated by Oracle in July and Microsoft addressed the issue in Exchange during August’s Patch Tuesday. Now the Fast Search Server will be updated. Microsoft first described the vulnerabilities in Security Advisory 2737111.
Microsoft will also be enforcing their new security initiative which requires that RSA key lengths be a minimum of 1024 bits. In June, Microsoft announced the availability of an update to Windows that restricts the use of certificates with RSA keys less than 1024 bits in length. Microsoft is now planning to release this update to everyone as part of October’s Patch Tuesday.
“As a reminder, we’ll provide the update we described in Security Advisory 2661254 through Windows Update next Tuesday. We previously made this release available through the download center for manual deployment and testing,” wrote Dustin Childs, Microsoft Trustworthy Computing. “Releasing KB2661254 to Automatic Updates and requiring that RSA key lengths be a minimum of 1024 bits will be our final step in this effort to help customers strengthen their certificates.”
Microsoft has scheduled the bulletin release for Tuesday Oct. 9, 2012 at approximately 10 a.m. PDT.