Virtual Administrator’s May 2012 Patch Recommendations
We have not uncovered any widespread problems with any of these patches and are releasing all of them.
A number of MS Office vulnerabilities addressed this month. If you have machines with Office Word 2007 deployed, installing MS12-029 is the top priority. After that MS12-034 is the most concerning vulnerability. MS12-034 fixes code targeted by Duqu Trojan.
No out-of-band updates were released during the last month.
7 Security Bulletins were released
Exploitability
Publically disclosed: MS12-030, MS12-032, MS12-034
Being exploited: None
Rated CRITICAL: MS12-029, MS12-034, MS12-035
(The Severity Rating System: http://technet.microsoft.com/en-us/security/bulletin/rating )
Requires Restart
Servers: Yes for Server 2008,Server 2008 R2
Workstations: Yes for Vista, Windows 7
Know Issues per Microsoft
None
Security Bulletins
(MS#/Affected Software/Type)
CRITICAL
MS12-029:(Office Word) The vulnerability could allow remote code execution if a user opens a specially crafted RTF file.
MS12-034:(Windows, Office, ,Net, Silverlight) The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a malicious webpage that embeds TrueType font files.
MS12-035:(Net Framework) The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs).
IMPORTANT
MS12-030:(Office) The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file.
MS12-031:(Office Visio) The vulnerability could allow remote code execution if a user opens a specially crafted Visio file.
MS12-032:(Windows) The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.
MS12-033:(Windows) The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.
Details and Links
MS12-029: Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352)
http://technet.microsoft.com/en-us/security/bulletin/ms12-029
Severity: Critical
KB in Kaseya: KB2598332, KB2596917, KB2596880, KB2665346, KB2665351
Affected Software: Office 2003, 2007; Office 2008, 2011 for Mac; Office Compatability Pack
Known Issues per MS: None
MS12-030: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2663830)
http://technet.microsoft.com/en-us/security/bulletin/ms12-030
Severity: Important
KB in Kaseya: KB2553371, KB2597086, KB2597161, KB2597162,KB2597166, KB2596842
Affected Software: Office 2003, 2007, 2010; Office 2008, 2011 for Mac; Excel Viewer, Office Compatability Pack
Known Issues per MS: None
MS12-031: Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2597981)
http://technet.microsoft.com/en-us/security/bulletin/ms12-031
Severity: Important
KB in Kaseya: KB2597981
Affected Software: Visio 2010 Viewer
Known Issues per MS: None
MS12-032: Vulnerability in TCP/IP Could Allow Elevation of Privilege (2688338)
http://technet.microsoft.com/en-us/security/bulletin/ms12-032
Severity: Important
KB in Kaseya: KB2688338
Affected Software: Vista, Server 2008, Server 2008 R2, Windows 7
Known Issues per MS: None
MS12-033: Vulnerability in Windows Partition Manager Could Allow Elevation of Privilege (2690533)
http://technet.microsoft.com/en-us/security/bulletin/ms12-033
Severity: Important
KB in Kaseya: KB2690533
Affected Software: Vista, Server 2008, Server 2008 R2, Windows 7
Known Issues per MS: None
MS12-034: Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)
http://technet.microsoft.com/en-us/security/bulletin/ms12-034
Severity: Critical
KB in Kaseya: KB2656405,KB2656407,KB2656409 KB2656410, KB2656411,KB2658846,KB2659262,KB2660649,KB2686509
Affected Software: XP,Vista, Server 2003,Server 2008,Server 2008 R2, Windows 7;Office 2003, 2007; Silverlight 3,4,5
Known Issues per MS: None
MS12-035: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777)
http://technet.microsoft.com/en-us/security/bulletin/ms12-035
Severity: Critical
KB in Kaseya: KB2604042,KB2604044,KB2604078,KB2604092,KB2604110,KB2604111,KB2604114,KB2604115,KB2604121
Affected Software: XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7
Known Issues per MS: None
