Patch Analysis for May 2012

Microsoft has released 7 bulletins outlining the security patches needed to address 23 vulnerabilities. What needs attention first depends on the enterprise environment and the software that is installed. If you have Office 2007 Word installed on a workstation or Terminal Server, then MS12-029 should get immediate attention. This was at the top of Microsoft's list in order of severity. Microsoft Outlook can also use Word as its email reader. See the chart for other versions affected.

Next is the combined security update for Microsoft Office, Windows, .NET Framework, and Silverlight, MS12-034. This bulletin addresses 10 vulnerabilities, and for all of them Microsoft indicates that successful exploit code is likely to be seen. In fact, 3 of the vulnerabilities were publicly disclosed previously. It's clear that Microsoft has put a lot into this update. We recommend an early deployment, and at this point there are no known issues. Some of the vulnerabilities affect servers as well as workstations.

MS12-035 is next on the list. It addresses two more .NET Framework vulnerabilities that are rated critical. The four other bulletins are rated important and should also be given attention.


| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
|---|---|---|---|---|---|---|---|---|
| MS12-031 (2597981) | Arbitrary code / Office Visio | Workstations, Terminal Servers | No/No | No | Important | Visio 2010 Viewer | | Patch after testing |
| MS12-030 (2663830) | Arbitrary code / Office | Workstations, Terminal Servers | Yes/No | No | Important | Office 2003, Office 2007, Office 2008 for Mac, Excel Viewer, Office Compatibility Pack, Office 2010, Office 2011 for Mac | | Patch after testing |
| MS12-029 (2680352) | Arbitrary code / Office Word | Workstations, Terminal Servers | No/No | No | Critical | Office 2003, Office 2007, Office 2008 for Mac, Office Compatibility Pack, Office 2011 for Mac | | Patch after testing |
| MS12-034 (2681578) | Arbitrary code / Windows, Office, .NET, Silverlight | Workstations, Terminal Servers, Servers | Yes/No | No | Critical | XP, Vista, Office 2003, Office 2007, Server 2003, Server 2008, Server 2008 R2, Windows 7, Silverlight 3, Office 2010, Silverlight 4, Silverlight 5 | Combined Security Update | Patch after minimal testing |
| MS12-032 (2688338) | Privilege elevation / Windows | Workstations, Servers | Yes/No | No | Important | Vista, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS12-033 (2690533) | Privilege elevation / Windows | Workstations, Terminal Servers | No/No | No | Important | Vista, Server 2008, Server 2008 R2, Windows 7 | Restart Req'd | Patch after testing |
| MS12-035 (2693777) | Arbitrary code / .NET Framework | Workstations, Servers | No/No | No | Critical | XP, Vista, Server 2003, Server 2008, Server 2008 R2, Windows 7 | | Patch after testing |
