Microsoft May 2012 Patch Tuesday Addresses 23 Vulnerabilities

Microsoft releases May 2012 security updates addressing 23 vulnerabilities in various products. The bulletin announces the release of 7 security updates include: 2 updates for Microsoft Windows only; 3 updates for Microsoft Office only; 1 update for Microsoft .NET Framework only; and 1 update that combines multiple products: Microsoft Office, Microsoft Windows, Microsoft .NET Framework, […]

Microsoft releases May 2012 security updates addressing 23 vulnerabilities in various products. The bulletin announces the release of 7 security updates include: 2 updates for Microsoft Windows only; 3 updates for Microsoft Office only; 1 update for Microsoft .NET Framework only; and 1 update that combines multiple products: Microsoft Office, Microsoft Windows, Microsoft .NET Framework, and Microsoft Silverlight.

Users who have the Automatic Updates feature selected on their computers will receive these security enhancements as soon as they turn the PCs on. Customers who don't are en encouraged to apply these updates manually as soon as possible.

For those who must prioritize deployment, Microsoft recommend focusing on the following two critical updates first:

  • "MS12-034 (Microsoft Office, Windows, .NET Framework, and Silverlight): This security update addresses 10 issues affecting a cross section from Microsoft Windows , Office, Silverlight, and the Microsoft .NET Framework. The maximum severity for these issues is Critical and could result in remote code execution. To ensure protection all updates from this bulletin must be applied. We recommend that customers read through the bulletin information concerning MS12-034 and apply it as soon as possible.
  • MS12-029 (Microsoft Word): This security update addresses one Critical issue affecting Microsoft Office that could result in remote code execution. Attack vectors for this issue include maliciously crafted websites and email. We recommend that customers read through the bulletin information concerning MS12-029 and apply it as soon as possible," Microsoft stated.

Security Updates

Microsoft Security Bulletin MS12-029

  • Security Update for Microsoft Office Word 2007 (KB2596917)
  • Security Update for Microsoft Office 2007 suites (KB2596880)
  • Security Update for Microsoft Office Word 2003 (KB2598332)

Microsoft Security Bulletin MS12-030

  • Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
  • Security Update for Microsoft Excel 2010 (KB2597166) 64-Bit Edition
  • Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
  • Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
  • Security Update for Microsoft Office Excel 2007 (KB2597161)
  • Security Update for Microsoft Office Excel Viewer 2007 (KB2596842)
  • Security Update for Microsoft Office 2007 suites (KB2597162)
  • Security Update for Microsoft Office 2007 suites (KB2597969)
  • Security Update for Microsoft Office Excel 2003 (KB2597086)

Microsoft Security Bulletin MS12-031

  • Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
  • Security Update for Microsoft Visio Viewer 2010 (KB2597981) 64-Bit Edition

Microsoft Security Bulletin MS12-034

  • Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition
  • Security Update for Microsoft Office 2010 (KB2589337) 64-Bit Edition
  • Security Update for Microsoft Office 2007 suites (KB2596672)
  • Security Update for Microsoft Office 2007 suites (KB2596792)
  • Security Update for Microsoft Office 2003 (KB2598253)

Non-Security Updates

  • Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
  • Update for Microsoft OneNote 2010 (KB2589345) 64-Bit Edition

As with normal cadence, Outlook Junk Email Filters for Office 2003 , 2007 and 2010 32-bit/64-bit were also updated.

Below is a deployment priority guidance. (click for larger view)

Microsoft Patch Tuesday May 2012 deployment priority guidance

And, here is the risk and impact graph shows an aggregate view of this month's severity and exploitability index:

Microsoft May 2012 Patch Tuesday  risk and impact graph

Here is the overview video of the May 2012 Security Bulletin Release:

Microsoft also quitely rolled out Silverlight 5 Build 5.2.10411.0 Released May 8, 2012. Here's a list of some of the updates, which include performance, reliability and security improvements, per Microsoft:

  • Fixes Security issue described in the following Microsoft Knowledge Base article: 2636927 MS12-034: Description of the security update for Microsoft Silverlight: May 8, 2012
  • Fixes an issue where "Best Effort" Silverlight Digital Rights Management Output Protection levels failed on some machines.
  • Fixed a failure to update OOB applications that are configured to use elevated trust when in browser.
  • Fixes an issue where persistent license acquisition would fail when a customer upgrades from Silverlight 4 to Silverlight 5.
  • Fixes an issue where certain character combinations can cause Silverlight application to crash.
  • Fixes an Access Violation described in the following Connect issue https://connect.microsoft.com/VisualStudio/feedback/details/719572
  • Fixes an issue where the SL5 plugin displays blank window after installing a font with a font name that starts with "&"
  • Fixes an issue where moving a focus to TextBox or RichTextBox after moving a focus to ItemsControl causes IME to be disabled.
  • Fixes an issue where Silverlight would not play content which required Output Protection.
  • Fixes a Silverlight DRM issue where some customers encounter hardware ID mismatch errors which can only be resolved by re-individualization.