May 2012 Patch Tuesday Overview
Marking the May 2012 edition of Patch Tuesday, Microsoft has released seven new security bulletins addressing 23 vulnerabilities.
The first bulletin administrators should address immediately is the mammoth security bulletin MS12-034. The sheer size of this security bulletin will undoubtedly affect the majority of your network when patching this month.
This bulletin covers:
72 Microsoft operating systems / service pack combinations
31 Microsoft .NET installation versions and types
9 Microsoft Office installation versions and types
6 Microsoft Silverlight installation versions and types
This is by far one of the largest security bulletins Microsoft has ever released. This bulletin will address seven vulnerabilities with three of the vulnerabilities already publicly disclosed. There are quite a few scenarios an attacker could exploit the vulnerabilities, but the most tempting attack scenario will involve a user visiting a malicious website. With an unpatched system, the user will be subject to an attack that will result in Remote Code Execution. MS12-035 is a second security bulletin that addresses vulnerabilities in the Microsoft .NET application. Both MS12-034 and MS12-035 will need to be applied to applicable systems with .NET installed. As most administrators are already aware of, patching Microsoft .NET can be extremely time-consuming. Administrators should plan for a longer than usual patch cycle for their machines with .NET installed with two security bulletins affection the Microsoft .NET product.
Next up on the priority list for patching this month is MS12-029. This security bulletin addresses one vulnerability in older versions of Microsoft Word (pre Microsoft Word 2010). An attacker can gain Remote Code Execution if a user opens a malicious RTF type document with Microsoft Word. RTF documents are very common documents that are typically allowed through email systems as attachments.
Microsoft also released a new security advisory for their ActiveX Kill Bits with Microsoft Security Advisory (2695962). In the past, Microsoft released ActiveX Kill Bit updates in a security bulletin format. With the change to a security advisory format, it is important to not forget about these patches during your normal patch Tuesday cycle.
On the non-Microsoft front, Adobe has joined patch Tuesday with a security bulletin release of their own. The 4 new Adobe Security bulletins affect a variety of products:
APSB12-10 - Adobe Illustrator: 5 vulnerabilities fixed, can lead to Remote Code Execution
APSB12-11 - Adobe Photoshop: 2 vulnerabilities fixed, can lead to Remote Code Execution
APSB12-12 - Adobe Flash Professional: 1 vulnerability fixed, can lead to Remote Code Execution
APSB12-13 - Adobe Shockwave Player: 5 vulnerabilities fixed, can lead to Remote Code Execution
Last Friday, Adobe released an update for their Adobe Flash Player with APSB12-09. This security bulletin addresses a zero-day vulnerability that is currently being exploited in the wild. Adobe Flash is a widely used program and often targeted by attackers, so this bulletin should be deployed as soon as possible with your Microsoft security bulletins.
In all, this typically light patching month will feature quite a few security bulletins to address on networks (7 Microsoft security bulletins, 1 Microsoft security advisory, 5 Adobe bulletins).
I will be going over the May Patch Tuesday in detail in addition to any other non-Microsoft releases since the last Patch Tuesday in our Monthly Patch Tuesday webinar. This webinar is scheduled for next Wednesday, May 9th at 11:00am CST. You can register for this webinar here.
- Jason Miller