Microsoft's May Patch Tuesday - What You Need to Know

By Alexandra Burlacu | May 10, 2012 09:00 AM EDT

As part of May's Patch Tuesday, released on Tuesday, May 8, Microsoft fixed 23 security flaws in all versions of Windows, Microsoft Office, Silverlight, and .NET Framework.

According to Microsoft's Security Bulletin Summary released on Tuesday, three of the seven bulletins were rated as "critical," while the other four were rated as "important."

Except for two bulletins, all addressed remote code execution vulnerabilities. The bugs fixed in May's security patch are not being actively targeted, at least for now. Microsoft, however, said that exploits for them were likely.

Highest Priority Security Updates

The RTF Mismatch Vulnerability (MS12-029) should be seen as the highest priority for most organizations. The update patches a flaw in Rich Text Format files. The vulnerability can be exploited through Microsoft Office 2003 and 2007 to control an end user's machine. Simply viewing an attached file in Microsoft Outlook's preview pane can trigger the exploit, which will then take control of the end user's machine without requiring any user interaction.

Microsoft Office for Mac 2011 is also on the list of affected programs. Mac users need to be aware of increasing security risks and pay attention to updates to protect their software, especially given all the recent hype around Mac infections. A recent attack exploited an old vulnerability in Microsoft Word for Mac.

Microsoft also focused on the TrueType font vulnerability, which was exploited late last year by the Duqu malware. Microsoft fixed the vulnerability in December's Patch Tuesday update (MS11-087). The internal security team also identified other products, including .NET, Windows, Silverlight, and Office, that contained the vulnerable code, and fixed them in the MS12-034 update. Those applications had several other bug fixes pending, and MS12-034 bundles those fixes as well, so it is very important to install.

Excel, Visio Patches in Microsoft Office

Microsoft patched six bugs in Excel (MS12-030), including file format memory corruption, remote code execution vulnerabilities, and record heap overflow. It also fixed one bug in Visio (MS12-031). Both of these Microsoft Office bulletins addressed file-format vulnerabilities, which could be exploited with a specially crafted file. A successful infection could allow an attacker to gain control over a targeted end user's machine.

XBAP Patch

Lastly, the XBAP patch is rated as "critical," but this bulletin appears to be the least urgent one to install. XBAP (XAML Browser Application) is a Microsoft browser-based application delivery format. To exploit the flaw without any user interaction, the attacker must already be in the same Intranet zone as the target. According to security experts, administrators should completely disable XBAP if there is no specific business need for it, which makes the issue less likely to be targeted.
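
One way to check and apply the "disable XBAP" recommendation above, as an added example that is not part of the original article or Microsoft's own tooling. It assumes Internet Explorer's per-user zone settings, where URL action 2400 controls XAML browser applications; the `-Disable` switch name is hypothetical.

```powershell
# Added example: audit (and optionally disable) XBAP in each Internet Explorer security zone.
# URL action 2400 = "XAML browser applications"; data 0 = enable, 1 = prompt, 3 = disable.
param([switch]$Disable)   # hypothetical switch: without it the script only reports

$zoneNames  = @{ 0 = 'Local Machine'; 1 = 'Local Intranet'; 2 = 'Trusted Sites'
                 3 = 'Internet';      4 = 'Restricted Sites' }
$stateNames = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }
$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

$report = foreach ($zone in 0..4) {
    $key   = Join-Path $base "$zone"
    $value = $null

    # A missing key or value means the zone's built-in default applies.
    if (Test-Path $key) {
        $value = (Get-ItemProperty -Path $key -Name '2400' -ErrorAction SilentlyContinue).'2400'
    }

    if ($Disable -and $value -ne 3) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name '2400' -Value 3 -Type DWord
        $value = 3
    }

    $setting = if ($null -eq $value) {
        'Not set (zone default applies)'
    } elseif ($stateNames.ContainsKey([int]$value)) {
        $stateNames[[int]$value]
    } else {
        "Unknown ($value)"
    }

    [pscustomobject]@{ ZoneId = $zone; Zone = $zoneNames[$zone]; XBAP = $setting }
}

# Any zone not reported as 'Disabled' can still load XBAP content.
$report | Format-Table -AutoSize
```

Settings delivered through Group Policy override these per-user values, so in a managed domain the same setting is better enforced through policy than per user.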

(reported by Alexandra Burlacu, edited by Dave Clark)


© 2016 IBT Media Inc. All Rights Reserved. mobilenapps