Thursday, May 17, 2012

Microsoft Patch Tuesday for May, 2012: Critical Patches for soon-to-be-active exploits

Well, it has been a week+ since Patch Tuesday, and I haven't heard anything bad about any of these patches.  If you haven't run Windows Update, do so now.  Read the stories below for more technical details.  I have patched all my boxes and not had any issues.  Please let me know if you need help patching.

Microsoft patches 23 Windows flaws, warns of risk of code execution attacks | ZDNet

May 8, 2012, 11:53am PDT

Summary: The Patch Tuesday batch for May 2012 covers at least 23 documented vulnerabilities in Microsoft Office, Microsoft Windows, the Microsoft .NET Framework and Microsoft Silverlight.

Microsoft wheeled out another batch of security patches today to fix multiple dangerous security flaws that expose billions of Windows users to remote code execution attacks.

The company is urging Windows users to pay special attention to MS12-034, a “critical” bulletin that patches 10 distinct security holes.  Three of these vulnerabilities have already been publicly disclosed and Microsoft expects to see working exploit code released within 30 days.

ISC Diary | Microsoft May 2012 Black Tuesday Update - Overview

Overview of the May 2012 Microsoft patches and their status.

Bulletin Management Process and the May 2012 Bulletins - MSRC - Site Home - TechNet Blogs

For Update Tuesday we’re releasing seven security bulletins – three Critical-class and four Important – addressing 23 issues in Microsoft Windows, Office, Silverlight, and the .NET Framework. Customers should plan to install all of these updates as soon as possible. For those who must prioritize deployment, we recommend focusing on the following two critical updates first:

  • MS12-034 (Microsoft Office, Windows, .NET Framework, and Silverlight): This security update addresses 10 issues affecting a cross section from Microsoft Windows, Office, Silverlight, and the Microsoft .NET Framework. The maximum severity for these issues is Critical and could result in remote code execution. To ensure protection all updates from this bulletin must be applied. We recommend that customers read through the bulletin information concerning MS12-034 and apply it as soon as possible.
  • MS12-029 (Microsoft Word): This security update addresses one Critical issue affecting Microsoft Office that could result in remote code execution. Attack vectors for this issue include maliciously crafted websites and email. We recommend that customers read through the bulletin information concerning MS12-029 and apply it as soon as possible.

Microsoft releases seven security updates

This month, Microsoft released seven bulletins, three critical and four important, that addressed a total of 23 vulnerabilities. MS12-029 is the bulletin that should be highest on the list for most organizations, as it can be used to gain control of an end-user's machine without requiring user interaction. The bulletin provides a patch for a vulnerability in the RTF file format that can be exploited through Microsoft Office 2003 and 2007. It is rated critical because simply viewing an attached file in the preview pane of Microsoft Outlook is sufficient to trigger the exploit.

MS12-034 - addressing 10 vulnerabilities - is the second critical bulletin, and it applies to the broadest selection of Microsoft software this month.
