5/09/2012

Microsoft Security Bulletin Summary for May 2012

1. Introduction

Microsoft (MS) released its regular security updates for April 2012.
Users of Microsoft operating systems are strongly recommended to apply the updates to stay protected against the following: Vulnerability in Microsoft Word Could Allow Remote Code Execution, Vulnerabilities in Microsoft Office Could Allow Remote Code Execution, Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution, Vulnerability in TCP/IP Could Allow Elevation of Privilege, Vulnerability in Windows Partition Manager Could Allow Elevation of Privilege, Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight, and Vulnerabilities in .NET Framework Could Allow Remote Code Execution.



2. Update details

[Critical]
[MS12-029] Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352)

Vulnerability: RTF Mismatch Vulnerability - CVE-2012-0183

This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Affected Software

- Microsoft Office 2003 SP3
- Microsoft Office 2007 SP2
- Microsoft Office 2007 SP3
- Microsoft Office 2008 for Mac
- Microsoft Office 2008 for Mac 2011
- Microsoft Office Compatibility Pack SP2
- Microsoft Office Compatibility Pack SP3

- Reference site

http://technet.microsoft.com/en-us/security/bulletin/MS12-029



[Important]
[MS12-030] Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2663830)

Vulnerability: Excel File Format Memory Corruption Vulnerability - CVE-2012-0141
Excel File Format Memory Corruption in OBJECTLINK Record Vulnerability - CVE-2012-0142
Excel Memory Corruption Using Various Modified Bytes Vulnerability - CVE-2012-0143
Excel SXLI Record Memory Corruption Vulnerability - CVE-2012-0184
Excel MergeCells Record Heap Overflow Vulnerability - CVE-2012-0185
Excel Series Record Parsing Type Mismatch Vulnerability - CVE-2012-1847

This security update resolves one publicly disclosed and five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Affected Software

- Microsoft Office 2003 SP3
- Microsoft Office 2007 SP2
- Microsoft Office 2007 SP3
- Microsoft Office 2010 (32-bit editions)
- Microsoft Office 2010 SP1 (32-bit editions)
- Microsoft Office 2010 (64-bit editions)
- Microsoft Office 2010 SP1 (64-bit editions)
- Microsoft Office 2008 for Mac
- Microsoft Office 2008 for Mac 2011
- Microsoft Excel Viewer
- Microsoft Office Compatibility Pack SP2
- Microsoft Office Compatibility Pack SP3

- Reference site

http://technet.microsoft.com/en-us/security/bulletin/MS12-030



[Important]
[MS12-031] Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2597981)

Vulnerability: VSD File Format Memory Corruption Vulnerability - CVE-2012-0018

This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Affected Software

- Microsoft Visio Viewer 2010 (32-bit editions)
- Microsoft Visio Viewer 2010 SP1 (32-bit editions)
- Microsoft Visio Viewer 2010 (64-bit editions)
- Microsoft Visio Viewer 2010 SP1 (64-bit editions)

- Reference site

http://technet.microsoft.com/en-us/security/bulletin/MS12-031



[Important]
[MS12-032] Vulnerability in TCP/IP Could Allow Elevation of Privilege (2688338)

Vulnerability: Windows Firewall Bypass Vulnerability - CVE-2012-0174
TCP/IP Double Free Vulnerability - CVE-2012-0179

This security update resolves one publicly disclosed and one privately reported vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.

Affected Software

- Windows Vista SP2
- Windows Vista x64 Edition SP2
- Windows 2008 for 32-bit SP2
- Windows Server 2008 for x64-based SP2
- Windows Server 2008 for Itanium SP2
- Windows 7 for 32-bit
- Windows 7 for 32-bit SP1
- Windows 7 for x64-based
- Windows 7 for x64-based SP1
- Windows Server 2008 R2 x64-based
- Windows Server 2008 R2 x64-based SP1
- Windows Server 2008 R2 Itanium-based
- Windows Server 2008 R2 Itanium-based SP1

- Reference site

http://technet.microsoft.com/en-us/security/bulletin/MS12-032



[Important]
[MS12-033] Vulnerability in Windows Partition Manager Could Allow Elevation of Privilege (2690533)

Vulnerability: Plug and Play (PnP) Configuration Manager Vulnerability - CVE-2012-0178

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.

Affected Software

- Windows Vista SP2
- Windows Vista x64 Edition SP2
- Windows 2008 for 32-bit SP2
- Windows Server 2008 for x64-based SP2
- Windows Server 2008 for Itanium SP2
- Windows 7 for 32-bit
- Windows 7 for 32-bit SP1
- Windows 7 for x64-based
- Windows 7 for x64-based SP1
- Windows Server 2008 R2 x64-based
- Windows Server 2008 R2 x64-based SP1
- Windows Server 2008 R2 Itanium-based
- Windows Server 2008 R2 Itanium-based SP1

- Reference site

http://technet.microsoft.com/en-us/security/bulletin/MS12-033



[Critical]
[MS12-034] Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352)

Vulnerability: RTF Mismatch Vulnerability - CVE-2012-0183

This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Affected Software

- Microsoft Office 2003 SP3
- Microsoft Office 2007 SP2
- Microsoft Office 2007 SP3
- Microsoft Office 2008 for Mac
- Microsoft Office 2008 for Mac 2011
- Microsoft Office Compatibility Pack SP2
- Microsoft Office Compatibility Pack SP3

- Reference site

http://technet.microsoft.com/en-us/security/bulletin/MS12-034
