The Microsoft security team shipped just two bulletins – resolving as many holes – in the September, 2012 edition of Patch Tuesday.
The patches will supply fixes for two ‘important’ rated bugs, one in Microsoft Developer Tools and the other in Micrososft Server Software. If unpatched, both could lead to elevation of privileges.
The first bulletin, MS12-061, resolves a privately reported vulnerability in the Visual Studio Team Foundation server that could allow for elevation of privileges if a user clicks a maliciously crafted link in an email or browses to a site hosting an exploit for the vulnerability.
The second bulletin, MS12-062, remedies a problem in Microsoft System Center Configuration Manager that could also be used by an attacker to elevate privileges if a user is compelled to an affected website via a specially crafted URL.
In both instances, there is no way of forcing a user to visit such sites, so the attacker would have to rely on some sort of social engineering trick to drive users there.
You can find the bulletins in their entirety on the Microsoft TechNet blog.
The unusually calm month precedes what promises to be an especially hectic October, in which Microsoft is set to release their highly anticipated Windows 8 operating system as well as a change certificate key length requirements.
As noted by Wolfgang Kandek at Qualys.com, the change in key length requirement set to be implemented in October as ‘Security Advisory 2661254’ is something that Windows administrators should keep in mind. The update will make it so Windows will no longer accept RSA keys of fewer than 1024 bits, according to Kandek.