Microsoft has offered its May security updates to the masses. As expected, the theme this month seems to revolve around Office document parsing vulnerabilities. If you use Office in your network, you will want to apply these updates as soon as possible.
In their May security bulletin summary, Microsoft highlights seven security bulletins that fix 23 vulnerabilities in four primary products, including:
- .NET Framework
They rate three of these bulletins as Critical, which typically means remote attackers can exploit them to gain control of affected computers.
The two most serious flaws appear to be a vulnerability in Word (MS12-029) involving the way it handles Rich Text Files (RTF), and ten flaws that affect Office, Windows, the .NET Framework, and Silverlight (MS12-034); many of which also have to do with how these products handle documents or fonts. I would apply these updates in the same order Microsoft recommends in their summary post.
I’ll share more details about these issues, and how to fix them, in consolidated alerts I’ll post here shortly.
[UPDATE] I mistakenly published an unfinished version of this post as I was writing it. This may have resulted in you receiving an email containing the incomplete post. I apologize for the confusion this may have caused, and the extra email. — Corey Nachreiner, CISSP (@SecAdept)