Microsoft has provided additional details on the patches released on May 8. Of the three CRITICAL security patches released on May 8, one has been publicly identified previously. The two remaining CRITICAL patches were not identified publicly until Tuesday, May 8.
The publicly identified vulnerability is actually associated with the font parsing code that allowed the Duqu malware to successfully compromise systems late in 2011. Following the patch released in December 2011 to address vulnerabilities identified in the font parsing code contained in win32k.sys, Microsoft determined that several other products also used copies of the win32k.sys font parsing code. The critical patch identified as MS12-034 – http://technet.microsoft.com/en-us/security/bulletin/ms12-034 addresses the vulnerabilities in those other Microsoft products.
As this vulnerability has been public for several months, the AgriLife IT ISO recommendation is to apply the May 2012 Microsoft patches to workstations (or servers that are used for web browsing) as soon as possible.
Additional details on May 2012 Microsoft patches are provided below:
Update May 8, 2012
Details of May Microsoft patches:
Critical Severity patches – (where applicable, newer versions of server or workstation operating systems that have a different severity designation are identified)
MS12-029 – http://technet.microsoft.com/en-us/security/bulletin/ms12-029
Vulnerability Title – RTF Mismatch vulnerability
Workstation operating systems – N/A
Server operating systems – N/A
Microsoft Office Software affected – Office 2003, Office 2007, Microsoft Office for Mac 2008 and Mac 2011 (designated as IMPORTANT for all Office products except 2007)
Other Microsoft Office products – Office Compatibility pack SP2 and SP3
Remote Code Execution vulnerability
Reliable exploit code likely in the next 30 days
Vulnerability not publicly disclosed prior to May 8.
Details: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS12-034 – http://technet.microsoft.com/en-us/security/bulletin/ms12-034
Vulnerability Title – TrueType Font Parsing vulnerability (plus several others)
Workstation operating systems – Windows XP, Vista, Windows 7
Server operating systems – Server 2003, Server 2008 and Server 2008R2
Server 2008R2 server core OS (64 bit and Itanium) – .NET framework 3.5 SP1, .NET framework 4
Microsoft Developer tools – Silverlight 4 and Silverlight 5 (Mac and Windows systems)
Remote Code Execution vulnerability
Reliable exploit code likely in the next 30 days
Publicly disclosed in December 2011.
Details: This security update resolves three publicly disclosed vulnerabilities and seven privately reported vulnerabilities in Microsoft Office, Microsoft Windows, the Microsoft .NET Framework, and Microsoft Silverlight. The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a malicious webpage that embeds TrueType font files. An attacker would have no way to force users to visit a malicious website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker’s website.
MS12-035 – http://technet.microsoft.com/en-us/security/bulletin/ms12-035
Vulnerability Title – .NET Framework Serialization
Workstation operating systems –
Windows XP (32 and 64 bit) – .NET framework 1.0 SP3, .NET framework 1.1 SP1, .NET framework 2.0 SP2, .NET framework 3.0 SP2, .NET framework 3.5 SP1, .NET framework 4
Vista (32 and 64 bit) – .NET framework 1.1 SP1, .NET framework 2.0 SP2, .NET framework 3.0 SP2, .NET framework 3.5 SP1, .NET framework 4
Windows 7 base and SP1 (32 and 64 bit) – .NET framework 3.5 SP1, .NET framework 4
Server operating systems –
Server 2003 – .NET framework 1.1 SP1, .NET framework 2.0 SP2, .NET framework 3.0 SP2, .NET framework 3.5 SP1, .NET framework 4
Server 2008 (32 and 64 bit) – .NET framework 1.1 SP1, .NET framework 2.0 SP2, .NET framework 3.0 SP2, .NET framework 3.5 SP1, .NET framework 4
Server 2008R2 base and SP1 (64 bit and Itanium) – .NET framework 3.5 SP1, .NET framework 4
Software affected – Windows and .NET framework
Remote Code Execution vulnerability
Reliable exploit code likely in the next 30 days
Vulnerability not publicly disclosed prior to May 8.
Details: This security update resolves two privately reported vulnerabilities in the .NET Framework. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Important Severity patches
MS12-030 – http://technet.microsoft.com/en-us/security/bulletin/ms12-030
Vulnerability title – Excel File Format Memory Corruption
Workstation operating systems – N/A
Server operating systems – N/A
Microsoft Office software – Excel 2003 SP3, Excel 2007 SP2 and SP3, Excel 2010 (32 and 64 bit) base and SP1, Office for Mac 2008 and Office for Mac 2011, Excel Viewer, Office compatibility pack SP2 and SP3
Exploit code likely in the next 30 days
Vulnerability not publicly disclosed prior to May 8.
Details: This security update resolves one publicly disclosed and five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS12-031 – http://technet.microsoft.com/en-us/security/bulletin/ms12-031
Vulnerability title – VSD File Format Memory Corruption Vulnerability
Workstation operating systems – N/A
Server operating systems – N/A
Microsoft Office Software affected – Visio Viewer 2010 and Visio Viewer 2010 SP1
Remote Code Execution vulnerability
Exploit code likely in the next 30 days
Vulnerability not publicly disclosed prior to May 8.
Details: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS12-032 – http://technet.microsoft.com/en-us/security/bulletin/ms12-032
Vulnerability title – Windows Firewall Bypass Vulnerability
Workstation operating systems –
Windows XP – N/A
Vista SP2 – 32 and 64 bit versions
Windows 7 base and SP1 – 32 and 64 bit versions
Server operating systems –
Server 2003 – N/A
Server 2008 SP2 – 32, 64 bit and Itanium
Server 2008R2 base and SP1 – 64 bit and Itanium
Security bypass/Elevation of Privilege vulnerability
Likelihood of exploit code in the next 30 days – N/A
One publicly disclosed and one privately disclosed vulnerability prior to May 8.
Details: This security update resolves one privately reported and one publicly disclosed vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.
MS12-033 – http://technet.microsoft.com/en-us/security/bulletin/ms12-033
Vulnerability title – Plug and Play (PnP) Configuration Manager
Workstation operating systems –
Windows XP – N/A
Vista SP2 – 32 and 64 bit versions
Windows 7 base and SP1 – 32 and 64 bit versions
Server operating systems –
Server 2003 – N/A
Server 2008 SP2 – 32, 64 bit and Itanium
Server 2008R2 base and SP1 – 64 bit and Itanium
Elevation of Privilege vulnerability
Exploit code likely in the next 30 days
Vulnerability not publicly disclosed prior to May 8.
Details: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
Original Announcement
Microsoft has just sent their advance notice of the patches that are scheduled to be released on May 8, 2012. There are a total of seven patches to be released for May 2012.
Three patches are designated as critical. One of the critical patches applies to Microsoft Office alone. A second critical patch applies to Office but also to Windows, the .NET Framework and also Silverlight. A third critical patch only applies to Windows and .NET framework.
The remaining four patches are designated as IMPORTANT and apply to Microsoft Office and also to Windows Operating Systems.
For the following operating systems, two patches are designated as CRITICAL:
Workstation Operating Systems
- Windows XP
- Windows Vista
- Windows 7
Server Operating Systems
- Windows Server 2003
- Windows Server 2008
- Windows Server 2008R2
For the following Office application suites, one patch is designated as CRITICAL:
Office Suites
- Office 2003 SP3 (Microsoft Word)
- Office 2007 SP2 (Microsoft Word)
- Office 2007 SP3 (Microsoft Word)
For the following Development Tools and Software, one patch is designated as CRITICAL:
Development Tools
- Microsoft Silverlight 4
- Microsoft Silverlight 5
The remaining patches are designated as IMPORTANT. Additional information will be provided on May 8 from the following URL once the patches have been released – http://technet.microsoft.com/en-us/security/bulletin/ms12-may