• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Microsoft Black Tuesday: May Brings Windows, Office and .NET Patches

May 8, 2012 By Corey Nachreiner

Microsoft has offered its May security updates to the masses. As expected, the theme this month seems to revolve around Office document parsing vulnerabilities. If you use Office in your network, you will want to apply these updates as soon as possible.

In their May security bulletin summary, Microsoft highlights seven security bulletins that fix 23 vulnerabilities in four primary products, including:

  • Windows
  • Office
  •  .NET Framework
  • Silverlight

They rate three of these bulletins as Critical, which typically means remote attackers can exploit them to gain control of affected computers.

The two most serious flaws appear to be a vulnerability in Word (MS12-029) involving the way it handles Rich Text Files (RTF), and ten flaws that affect Office, Windows, the .NET Framework, and Silverlight (MS12-034); many of which also have to do with how these products handle documents or fonts. I would apply these updates in the same order Microsoft recommends in their summary post.

I’ll share more details about these issues, and how to fix them, in consolidated alerts I’ll post here shortly.

[UPDATE] I mistakenly published an unfinished version of this post as I was writing it. This may have resulted in you receiving an email containing the incomplete post. I apologize for the confusion this may have caused, and the extra email.  — Corey Nachreiner, CISSP (@SecAdept)

Share This:

Related

Filed Under: Uncategorized Tagged With: Microsoft, silverlight, Updates and patches, visio, word

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • US National Cybersecurity Strategy
  • Cybersecurity’s Toll on Mental Health
  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • Here Come The Regulations

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Here Come The Regulations
  • US National Cybersecurity Strategy
  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • Cybersecurity’s Toll on Mental Health
  • Successfully Prosecuting a Russian Hacker
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use