Microsoft's May Patch Tuesday - What You Need to Know

By Alexandra Burlacu | May 10, 2012 09:00 AM EDT

In May's Patch Tuesday release on Tuesday, May 8, Microsoft fixed 23 security flaws in all versions of Windows, Microsoft Office, Silverlight, and .NET Framework.

According to Microsoft's Security Bulletin Summary released on Tuesday, three of the seven bulletins were rated as "critical," while the other four were rated as "important."

Except for two bulletins, all others addressed remote code execution vulnerabilities. The bugs fixed in May's security patch are not actively targeted, at least not for now. Microsoft, however, said that exploits for them were likely.

Highest Priority Security Updates

The RTF Mismatch Vulnerability (MS12-029) should be seen as the highest priority for most organizations. The update patches a flaw in Rich Text Format files. The vulnerability can be exploited through Microsoft Office 2003 and 2007 to control an end user's machine. Simply viewing an attached file in Microsoft Outlook's preview pane can trigger the exploit, which will then take control of the end user's machine without requiring any user interaction.

Microsoft Office for Mac 2011 is also included in the list of affected programs. Mac users need to be aware of increasing security risks and pay attention to updates to protect their software, especially with all the recent hype around Mac infections. A recent attack exploited an old vulnerability in Microsoft Word for Mac.

Microsoft also focused on the TrueType font vulnerability, which was exploited late last year by the Duqu malware. Microsoft fixed the vulnerability in December's Patch Tuesday update (MS11-087). The internal security team also identified other products, including .NET, Windows, Silverlight, and Office, which contained the vulnerable code, and fixed them in the MS12-034 update. Those applications had several other bug fixes pending, and MS12-034 bundles those fixes as well, so it is very important to install it.

Excel, Visio Patches in Microsoft Office

Microsoft patched six bugs in Excel (MS12-030), including file format memory corruption, remote code execution vulnerabilities, and record heap overflow. It also fixed one bug in Visio (MS12-031). Both of these Microsoft Office bulletins addressed file-format vulnerabilities, which could be exploited with a specially crafted file. A successful attack could allow an attacker to gain control of the targeted end user's machine.

XBAP Patch

Lastly, the XBAP patch is rated as "critical," but it seems this bulletin is the least urgent one to install. XBAP is a Microsoft browser-based application delivery format. For the flaw to be exploited without any user interaction, the attacker must already be in the same intranet zone as the target. According to security experts, administrators should completely disable XBAP if there is no specific business need. This way, it would be less likely for the issue to be targeted.

(reported by Alexandra Burlacu, edited by Dave Clark)

 

© 2014 Mobile & Apps All rights reserved. Do not reproduce without permission.
