Under a week ago, TNW brought you the rough sketch of what we could expect in May’s Patch Tuesday event. Every month, before the date, Microsoft puts out a pre-release set of notes, to help people prepare for the coming updates. From that post, this is what we are looking at:
This month’s collection of updates contains some 7 bulletins, which will fix 23 vulnerabilities. Three bulletins are rated as critical, and four as important. This month, Office and Windows are receiving the brunt of the help, which means that you are likely to be impacted by the coming updates.
Microsoft has shipped the code, and a fresh set of notes on the updates; the core details, 7 bulletins and 23 vulnerabilities, remains the same. Microsoft commented on the two patches that are the most important:
- MS12-034 (Microsoft Office, Windows, .NET Framework, and Silverlight): This security update addresses 10 issues affecting a cross section from Microsoft Windows , Office, Silverlight, and the Microsoft .NET Framework. The maximum severity for these issues is Critical and could result in remote code execution. To ensure protection all updates from this bulletin must be applied. We recommend that customers read through the bulletin information concerning MS12-034 and apply it as soon as possible.
- MS12-029 (Microsoft Word): This security update addresses one Critical issue affecting Microsoft Office that could result in remote code execution. Attack vectors for this issue include maliciously crafted websites and email. We recommend that customers read through the bulletin information concerning MS12-029 and apply it as soon as possible.
Remote code execution is nasty. If you have Windows Update set to automatic, expect some new code to be installed. Now, for the fun part! Every month, Microsoft thanks individuals from the technology community who helped the company find the issues that it has now solved. And as we sometimes do, we want to highlight a few of those. Such charitable behavior is good to encourage.
With no further ado, TNW honors the following three people:
- An anonymous researcher, working with TippingPoint’s Zero Day Initiative, for reporting an issue described in MS12-029.
- Alex Plaskett of MWR InfoSecurity for reporting an issue described in MS12-034
- h4ckmp for reporting an issue described in MS12-034