Microsoft released seven (7) bulletins, of which three (3) bulletins ares identified as Critical and four (4) as Important.
The bulletins address twenty-three (23) vulnerabilities in Microsoft Windows, Office, Silverlight, and .NET Framework. At least two of the updates will require a restart.
If you have had difficulties with .NET Framework in the past, it is strongly advised that updates MS12-034 and MS12-035 be installed separately, including a shutdown/restart.
Security Bulletins
- Microsoft Security Bulletin MS12-029 (Critical): Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352)
- Microsoft Security Bulletin MS12-030 (Important): Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2663830)
- Microsoft Security Bulletin MS12-031 (Important): Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2597981)
- Microsoft Security Bulletin MS12-032 (Important): Vulnerability in TCP/IP Could Allow Elevation of Privilege (2688338)
- Microsoft Security Bulletin MS12-033 (Important): Vulnerability in Windows Partition Manager Could Allow Elevation of Privilege (2690533)
- Microsoft Security Bulletin MS12-034 (Critical): Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)
- Microsoft Security Bulletin MS12-035 (Critical): Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777)
Support
The following additional information is provided in the Security Bulletin:- The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.
- Customers in the U.S. and Canada can receive technical support from Security Support or 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. For more information about available support options, see Microsoft Help and Support.
- International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit International Help and Support.
References
- MSRC: Bulletin Management Process and the May 2012 Bulletins
- TechNet: Microsoft Security Bulletin Summary for May 2012
- Security and Safety Center: Microsoft security updates for May 2012
- Security Research & Defense: MS12-034: Duqu, ten CVE's, and removing keyboard layout file attack surface
I think there are more and more vulnerabilities that are being discovered, but Microsoft is not able to patch all of them in time thus allowing hackers to take advantage of them.
ReplyDelete