Microsoft Security Bulletins For May 2012 Released, Patches 23 Vulnerabilities

Microsoft has wheeled out the security patches for May, 2012′s Patch Tuesday. The Patch Tuesday for May 2012 covers 7 security bulletins to fix at least 23 documented vulnerabilities found in Microsoft Windows, Microsoft Office, .NET Framework and Silverlight.

Out of the seven bulletins, three are rated as “critical” because of the risk of remote code execution attacks, and the rest of the four bulletins are rated as “important“, as they will cover vulnerabilities that can cause code execution of privilege escalation attacks.

The Redmond software giant is asking its Windows users to pay attention to the bulletin ID MS12-034, which is linked to the Duqu malware, which was used to spy on high-profile targets in Iran.

Here’s a quick glimpse of this month’s updates:

ID Summary
MS12-029 Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352)This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS12-034 Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)This security update resolves three publicly disclosed vulnerabilities and seven privately reported vulnerabilities in Microsoft Office, Microsoft Windows, the Microsoft .NET Framework, and Microsoft Silverlight. The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a malicious webpage that embeds TrueType font files. An attacker would have no way to force users to visit a malicious website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker’s website.
MS12-035 Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777)This security update resolves two privately reported vulnerabilities in the .NET Framework. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS12-030 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2663830)This security update resolves one publicly disclosed and five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS12-031 Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2597981)This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
MS12-032 Vulnerability in TCP/IP Could Allow Elevation of Privilege (2688338)This security update resolves one privately reported and one publicly disclosed vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.
MS12-033 Vulnerability in Windows Partition Manager Could Allow Elevation of Privilege (2690533)This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

Missing out computer how to, tips, tutorials, and more? Enter your email below to receive future announcements direct to your inbox. An email confirmation will be sent before you will start receiving notifications - please check your spam folder if you don't receive this.

About SK Mezanul Haque

SK Mezanul Haque is the founder of MyTechGuide.org (popularly known as My Technology Guide). Passionate about all things in tech. Let's talk on Google Plus.

  • darline philpott

    mezanul/mytech ,Iopted out of computers and all that came with them. even thiugh I ve purchased 4 dells for my daughter aformer navy sub computer troubleshooter and her children.I had used them in law enforcement ,and found them lack,or should i say ifound the soft ware R & D ditto tech writers slow and incompetent with applications for the layman demographic. I stumbled on you site for help for google chrome and got it. you with the epiphany and your pensive staff are my heroes.my new Dell 23.5 touch is becoming a joy.i have plenty of time and an eidetic memory.use me.i love tech writing and i understand and can break down most things to make the plain. thank you! corieana1013***** whoo hoo fyi msn is trying to wear too many hats to ensure loyalty and aggressive….tsk tsk.no aquiecent response or reply solicited.

  • Pingback: ACAD/Medre.A Worm Uncovered: Steals AutoCAD Design Files (Blueprints)