Microsoft Patch Tuesday – May 2012

Hello, welcome to this month’s blog on the Microsoft patch release. This is a larger month—the vendor is releasing 7 bulletins covering a total of 23 vulnerabilities.

Eight of this month's issues are rated ‘Critical’ and they affect Windows, .NET, Office and Silverlight. The remaining issues affect Office and Windows.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft’s summary of the May releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms12-may

The following is a breakdown of the issues being addressed this month:

  1. MS12-030 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2663830)

    CVE-2012-0141 (BID 53342) Excel File Format Memory Corruption Vulnerability (MS Rating: Important; Symantec Urgency Rating: 7.1/10)

    A remote code-execution vulnerability affects Excel due to the way it handles memory. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious Excel file. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

  2. MS12-031 Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2597981)

    CVE-2012-0018 (BID 53328) VSD File Format Memory Corruption Vulnerability (MS Rating: Important; Symantec Urgency Rating: 7.1/10)

    A remote code-execution vulnerability affects Visio due to the way it handles memory. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious Visio file. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

  3. MS12-029 Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352)

    CVE-2012-0183 (BID 53344) RTF Mismatch Vulnerability (MS Rating: Critical; Symantec Urgency Rating: 7.1/10)

    A remote code-execution vulnerability affects Word due to the way it handles memory. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious RTF file. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

  4. MS12-034 Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)

    CVE-2011-3402 (BID 50462) TrueType Font Parsing Vulnerability (MS Rating: Critical; Symantec Urgency Rating: 6.6/10)

    A previously public (Nov 1, 2011) remote code-execution vulnerability affects Windows, .NET, and Office in the way they handle a TrueType font file. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious TrueType font. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

    CVE-2012-0159 (BID 53335) TrueType Font Parsing Vulnerability (MS Rating: Critical; Symantec Urgency Rating: 8.2/10)

    A remote code-execution vulnerability affects Windows and Silverlight in the way they handle a TrueType font file. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious TrueType font. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

    CVE-2012-0165 (BID 53347) GDI+ Record Type Vulnerability (MS Rating: Critical; Symantec Urgency Rating: 7.1/10)

    A remote code-execution vulnerability affects GDI+ in the way it handles validation of specially crafted EMF images. An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted EMF image file. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

    CVE-2012-0162 (BID 53358) .NET Framework Buffer Allocation Vulnerability (MS Rating: Critical; Symantec Urgency Rating: 7.5/10)

    A remote code-execution vulnerability affects the .NET Framework and can allow an application to access memory in an unsafe manner. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a malicious web page. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

    CVE-2012-0176 (BID 53360) Silverlight Double-Free Vulnerability (MS Rating: Critical; Symantec Urgency Rating: 7.5/10)

    A remote code-execution vulnerability affects Silverlight due to a double-free condition. An attacker can exploit this issue by tricking a victim into viewing a specially crafted Silverlight application. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

  5. MS12-032 Vulnerability in TCP/IP Could Allow Elevation of Privilege (2688338)

    CVE-2012-0174 (BID 53352) Windows Firewall Bypass Vulnerability (MS Rating: Important; Symantec Urgency Rating: 6.4/10)

    A security-bypass vulnerability affects Windows Firewall due to the way it handles outbound broadcast packets. An attacker may be able to exploit this issue to bypass outbound filter rules; this could aid in further attacks.

  6. MS12-033 Vulnerability in Windows Partition Manager Could Allow Elevation of Privilege (2690533)

    CVE-2012-0178 (BID 53378) Plug and Play (PnP) Configuration Manager Vulnerability (MS Rating: Important; Symantec Urgency Rating: 6.6/10)

    A privilege-escalation vulnerability affects Windows Partition Manager due to the way it handles Plug and Play (PnP) Configuration Manager functions. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. This may facilitate a complete system compromise.

  7. MS12-035 Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777)

    CVE-2012-0160 (BID 53356) .NET Framework Serialization Vulnerability (MS Rating: Critical; Symantec Urgency Rating: 7.5/10)

    A remote code-execution vulnerability affects the .NET Framework due to improper serialization of user-supplied input. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a malicious web page. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

More information on the vulnerabilities being addressed this month is available at Symantec’s free SecurityFocus portal and to our customers through the DeepSight Threat Management System.