It's Microsoft Patch Tuesday: May 2012

Justin James gathers the information you need to make the right deploy decision when applying Microsoft's May 2012 patches in your organization.

This month sees a trio of remote code execution attacks in Office products, which is never good, and another big-time vulnerability in XAML Browser Application (XBAP) handling. At least the nonsecurity patches are at a bare minimum this time around!

This blog post is also available in PDF format in a TechRepublic download. Falling behind on your patch deployments, catch up with previously published Microsoft Patch Tuesday blog posts.

Editor's Note: A few of the Knowledge Base articles were still not available on May 8, 2012. They should be available for review soon, but we are at the mercy of Microsoft's timetable.

Security Patches

MS12-029/KB2680352 - Critical (Office 2007)/Important (Office 2003, Office 2008 for Mac, Office 2011 for Mac, Office Compatibility Pack): Parsing issues with RTF files can lead to remote code execution attacks against Word users, granting the attacker the privileges of the user who opened the file. You will want to plug this hole immediately. MS12-030/KB2663830 - Important (Office 2003, Office 2007, Office 2010, Office 2008 for Mac, Office 2011 for Mac, Office Compatibility Pack, Excel Viewer): Another remote code execution attack that occurs when opening files, this time in Excel. Even though Microsoft rates the severity as "important," the overall exposure justifies installing the patch as soon as you can. MS12-031/KB2597981 - Important (Visio Viewer 2010): Visio also has a remote code execution vulnerability when opening files. It makes me wonder if it is all the same common piece of code? Again, get Visio patched quickly, since those files are not too uncommon. MS12-032/KB2688338 - Important (Vista, W7, 2008, 2008 R2): Locally logged-on users can run an application to exploit issues with the TCP/IP stack and get higher rights. Because the user must already be logged on and able to run applications, the patch can wait until your normal patch cycle. MS12-033/KB2690533 - Important (Vista, W7, 2008, 2008 R2): The Windows Partition Manager also has an escalation of privileges vulnerability, exploitable by a locally logged-on user running code. Again, this one can wait until you are scheduled to install patches. MS12-034/KB2681578 - Critical (XP, Vista, W7, 2003, 2008, 2008 R2, Silverlight 4 for Mac and Windows, Silverlight 5 for Mac and Windows): A whopping TEN vulnerabilities -- three already public -- are solved with this patch. Some are remote code execution attacks that can be exploited by visiting a Web site. It is hard to overstress how important it is to install this patch. MS12-035/KB2693777 - Critical (XP, Vista, W7, 2003, 2008, 2008 R2): XAML Browser Applications (XBAPs) are getting hit again this month with remote code executions that can be exploited through a Web site. Patch immediately, and seriously consider disabling XBAPs if you have not done so already.

Other Updates

KB931125 - Root certification update.

"The Usual Suspects": Updates to the Malicious Software Removal Tool and the ActiveX Killbits.

Changed, but not significantly: none.

Updates since the last Patch Tuesday

There were no security updates released out-of-band.

Minor items added or updated since the last Patch Tuesday:

KB931125 - Root certification update.

Changed, but not significantly: None.