Randy Franklin Smith's Ultimate Windows Security

Upcoming Webinars

AD Audits: Top 7 Questions to Answer When Auditors Look at Account Management and Access Control in Active Directory

Webinar Library

Latest Blogs

LOGbinder SQL Released!

Chances are Someone is Trying to Steal Your Organization’s Information

Recommended Alerts and Reports for SharePoint (LOGbinder SP) Updated

Top Resources

Security Log

IT Audit

Additional Resources

Patch Tuesday: May, 2012: Microsoft Fixes 23 Vulnerabilities

Microsoft has released 7 bulletins outlining the security patches needed to address 23 vulnerabilities. What needs to be given attention first depends on the enterprise environment and the software that is installed. If you have Office 2007 Word installed on a workstation or Terminal Server, then MS12-029 should get immediate attention. This was at the top of Microsoft’s list in the order of severity. Microsoft Outlook can also use Word as it’s email reader. See the chart for other version affected.

Next is the combined security update for Microsoft Office, Windows, .NET Framework, and Silverlight, MS12-034. This bulletin addresses 10 vulnerabilities, all of which Microsoft indicates successful exploit code is likely to be seen. In fact 3 of the vulnerabilities were publicly disclosed previously. It’s clear that Microsoft has put a lot into this update. We recommend an early deployment and at this point there are no known issues. Some of the vulnerabilities affect servers as well as workstations.

MS12-035 is next on the list. It addresses two more .NET Framework vulnerabilities that are rated critical. The four other bulletins are rated important and should be given attention also.

Patch Tuesday Coverage Made Possible By: Lumension: IT Secured. Success Optimized.™

Visit the Lumension Patch Tuesday Center

Research security patch database

Bulletin	Exploit Types /Technologies Affected	System Types Affected	Exploit details public? / Being exploited?	Comprehensive, practical workaround available?	MS severity rating	Products Affected	Notes	Randy's recommendation
MS12-031 2597981	Arbitrary code / Office Visio	Workstations Terminal Servers	No/No	No	Important	Visio 2010 Viewer		Patch after testing
MS12-030 2663830	Arbitrary code / Office	Workstations Terminal Servers	Yes/No	No	Important	Office 2003 Office 2007 Office 2008 for Mac Excel Viewer Office Compatability Pack Office 2010 Office 2011 for MAC		Patch after testing
MS12-029 2680352	Arbitrary code / Office Word	Workstations Terminal Servers	No/No	No	Critical	Office 2003 Office 2007 Office 2008 for Mac Office Compatability Pack Office 2011 for MAC		Patch after testing
MS12-034 2681578	Arbitrary code / Windows, Office, ,Net, Silverlight	Workstations Terminal Servers Servers	Yes/No	No	Critical	XP Vista Office 2003 Office 2007 Server 2003 Server 2008 Server 2008 R2 Windows 7 Silverlight 3 Office 2010 Silverlight 4 Silverlight 5	Combined Security Update	Patch after minimal testing
MS12-032 2688338	Privilege elevation / Windows	Workstations Servers	Yes/No	No	Important	Vista Server 2008 Server 2008 R2 Windows 7	Restart Req'd	Patch after testing
MS12-033 2690533	Privilege elevation / Windows	Workstations Terminal Servers	No/No	No	Important	Vista Server 2008 Server 2008 R2 Windows 7	Restart Req'd	Patch after testing
MS12-035 2693777	Arbitrary code / .Net Framework	Workstations Servers	No/No	No	Critical	XP Vista Server 2003 Server 2008 Server 2008 R2 Windows 7		Patch after testing

Send me this chart next Patch Tuesday.
Email:
We will not share your address. Unsubscribe anytime.

Home

User name:
Password:
	/ Forgot?
	Register

Home

Follow @randyfsmith

About | Contact

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2012 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.