
It's Microsoft Patch Tuesday: May 2012

Justin James gathers the information you need to make the right deploy decision when applying Microsoft's May 2012 patches in your organization.

This month sees a trio of remote code execution attacks in Office products, which is never good, and another big-time vulnerability in XAML Browser Application (XBAP) handling. At least the nonsecurity patches are at a bare minimum this time around!

This blog post is also available in PDF format in a TechRepublic download. Falling behind on your patch deployments? Catch up with previously published Microsoft Patch Tuesday blog posts.

Editor's Note: A few of the Knowledge Base articles were still not available on May 8, 2012. They should be available for review soon, but we are at the mercy of Microsoft's timetable.

Security Patches

MS12-029/KB2680352 - Critical (Office 2007)/Important (Office 2003, Office 2008 for Mac, Office 2011 for Mac, Office Compatibility Pack): Parsing issues with RTF files can lead to remote code execution attacks against Word users, granting the attacker the privileges of the user who opened the file. You will want to plug this hole immediately.

MS12-030/KB2663830 - Important (Office 2003, Office 2007, Office 2010, Office 2008 for Mac, Office 2011 for Mac, Office Compatibility Pack, Excel Viewer): Another remote code execution attack that occurs when opening files, this time in Excel. Even though Microsoft rates the severity as "important," the overall exposure justifies installing the patch as soon as you can.

MS12-031/KB2597981 - Important (Visio Viewer 2010): Visio also has a remote code execution vulnerability when opening files. It makes me wonder if it is all the same common piece of code? Again, get Visio patched quickly, since those files are not too uncommon.

MS12-032/KB2688338 - Important (Vista, W7, 2008, 2008 R2): Locally logged-on users can run an application to exploit issues with the TCP/IP stack and get higher rights. Because the user must already be logged on and able to run applications, the patch can wait until your normal patch cycle.

MS12-033/KB2690533 - Important (Vista, W7, 2008, 2008 R2): The Windows Partition Manager also has an escalation of privileges vulnerability, exploitable by a locally logged-on user running code. Again, this one can wait until you are scheduled to install patches.

MS12-034/KB2681578 - Critical (XP, Vista, W7, 2003, 2008, 2008 R2, Silverlight 4 for Mac and Windows, Silverlight 5 for Mac and Windows): A whopping TEN vulnerabilities -- three already public -- are solved with this patch. Some are remote code execution attacks that can be exploited by visiting a Web site. It is hard to overstress how important it is to install this patch.

MS12-035/KB2693777 - Critical (XP, Vista, W7, 2003, 2008, 2008 R2): XAML Browser Applications (XBAPs) are getting hit again this month with remote code executions that can be exploited through a Web site. Patch immediately, and seriously consider disabling XBAPs if you have not done so already.

Other Updates

KB931125 - Root certification update.

"The Usual Suspects": Updates to the Malicious Software Removal Tool and the ActiveX Killbits.

Changed, but not significantly: none.

Updates since the last Patch Tuesday

There were no security updates released out-of-band.

Minor items added or updated since the last Patch Tuesday:

KB931125 - Root certification update.

Changed, but not significantly: None.

About

Justin James is the Lead Architect for Conigent.

18 comments
epiph

Hi, My WinXP has been installing the May 2012 patch at every shutdown for the last week or so; never any error message, and installation seems to go ok, every time! Any way to stop this? Thanks.

davidjbell

Same here. My Win 7 update list is almost completely different from the Patch Tuesday list and includes various .NET updates; what's going on?

beezermike

These updates that you present in this article are not the same updates as were uploaded to my computer yesterday. Wazzup? (My OS is WinXP SP3 HP Media Center PC m7260n) Too bad I can't insert a .jpeg image of the update dialog box in this pane. Not exactly "High Tech".

ittizliz

Why all these remote user rights? Last night I left my PC on for 2 hrs set to desktop; when I clicked my mouse, Netflicks was sitting there... What is this about?

swvalera

We are getting ready (finally) to deploy Windows 7 to the entire High School District; we have just about 2000-plus machines. What would be the approach to design a Windows update server in conjunction with AD and Group Policy? We are AD 2008 ready, GPO in place; we are at the beginning stage. Any documentation will help, thanks.

Mark W. Kaelin

Are the Microsoft patches giving you trouble this month? Your peers can help - describe the problems you are having.

khiatt

Never choose Install and shutdown. That function was an afterthought that, in my opinion, never worked reliably. Run the updates by clicking on the yellow shield. You will need to be logged in as an administrator to do this. Choose the Custom option then click Next to see what updates are there. Click Install to start the update. Once the box disappears, click the yellow balloon to bring it back so you can follow the progress. Once it finishes, any failures will be listed. It doesn't actually tell you why it failed, but at least you'll know what to Google for :) My favorite problem is when the update requires you to accept a new EULA before it can continue, but you chose Install and Shutdown, so there is no way for it to display the Accept button, so it just waits for you to answer a question you can't see. I can't count the number of times users have called me over in the morning to tell me "It's still installing update 3 of 7 from last night."

Justin James

... many of the problems affect many versions of the .NET Framework (or other products), so one item here can be multiple patches. This list doesn't detail individual patches, it details the problem which results in patches. Usually, it's 1-to-1, but for .NET, it's typically 1 patch for each version of .NET on your machine. J.Ja

Gisabun

Even though there were seven bulletins, 3 of them had multiple updates. For example, MS12-034 had 4 updates for Windows XP OS alone plus .net Framework versions, Office and Silverlight. In theory, you could have maybe a dozen updates to install for a single bulletin. MS12-030 and MS12-035 also have multiple updates. When I first saw six bulletins I thought it was a "light" month. I was wrong [of course the advance notification email doesn't give any idea of how many actual updates]. Oddly, I had some old .net framework updates to reapply.

spdragoo

Netflix isn't a free-standing app for Win7, AFAIK...and if they do somehow have one, you'd have to deliberately install it from Netflix's website (i.e. not through Microsoft Update).

Gisabun

Netflicks? Unsure what you installed!

Neon Samurai

Look at the Windows Server System Update Service (SUS); it's included with Server and should simply be another "role" you can enable/install. It then downloads the updates to your local network so your client machines can pull from it rather than Microsoft. I believe you can also select which updates are to be installed.

nils.s

I ran Windows 7 updates on the 1st of May and subsequently lost all access to the internet. My ADSL line was active and I was able to ping my service provider, but could not send or receive email, get onto the internet with IE or Google, or connect to Skype. It took me a few days to figure out what happened. I eventually did a system restore and everything started working again. Not going to be running any updates again in a hurry!

epiph

Thanks khiatt for your reply; I had never heard about this before. So I logged in as Admin. But there is NO yellow shield (and the taskbar is not locked)! But if I go to shutdown, I am again offered to install the update (or to shutdown without installing). So I can't customize or see what updates are suggested. Problem does not seem to be an unanswered prompt: every time I "installed" the update (a few times before I realized there was a problem), computer shutdown after installation.

khiatt

Several of my Win7 (laptop) users came to me asking how to stop the 22 updates because they wanted to leave. Told them they could take it with them, just don't close it until it's done. Don't know how many times I've explained how it works, a shield on the shutdown button means it has updates to install. Hibernate if you don't have time.

Justin James

The only big thing I'd call out, is to locate the WSUS data store on a separate drive that can be easily upgraded (it can get BIG) and has nothing else on it, to NOT back that up (it's all data that can be re-downloaded if needed, why waste a ton of backup drive/tape space?), and to make sure you ONLY download the languages that you need (ie: if you only use English versions of Windows, no need for patches in Chinese, Hungarian, French, etc.), that can waste a ton of space. J.Ja

sysop-dr

Most likely the issue is an update not working with a driver. Not updating Windows is inviting disaster unless you don't connect to the internet or any other computer. Other issue I have seen is people putting newer bigger HDDs in older systems which Windows can see all of but their BIOS is not able to. I did this on an old laptop and once a part of Windows was patched and beyond this limit the machine would not boot. Shrank the disk by removing stuff and using parted and the machine boots and runs fine.

epiph

Hi, Finally found a solution:

* Logged in as Admin
* Clicked on Start, All programs (translated from French)
* Clicked on Windows update
* After search, application said 2 updates, related to Net Framework 4, were downloaded but not installed
* Deactivated the antivirus
* Clicked on Install

Installation went ok, and no more prompt for installation on shutdown. Bye.