May 2012 Microsoft Patch Tuesday Summary

Welcome to another edition of patch Tuesday summary blog. Last month’s patch Tuesday involved patching 11 vulnerabilities over 6 bulletins, while this month we are patching 23 vulnerabilities over 7 bulletins.

Here is a list of the vulnerabilities fixed in today’s patches:

MS12-029 Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352)

RTF Mismatch Vulnerability - CVE-2012-0183

MS12-030 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2663830)

Excel File Format Memory Corruption Vulnerability - CVE-2012-0141
Excel File Format Memory Corruption in OBJECTLINK Record Vulnerability - CVE-2012-0142
Excel Memory Corruption Using Various Modified Bytes Vulnerability - CVE-2012-0143
Excel SXLI Record Memory Corruption Vulnerability - CVE-2012-0184
Excel MergeCells Record Heap Overflow Vulnerability - CVE-2012-0185
Excel Series Record Parsing Type Mismatch Could Result in Remote Code Execution Vulnerability - CVE-2012-1847

MS12-031 Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2597981)

VSD File Format Memory Corruption Vulnerability - CVE-2012-0018

MS12-032 Vulnerability in TCP/IP Could Allow Elevation of Privilege (2688338)

Windows Firewall Bypass Vulnerability - CVE-2012-0174
TCP/IP Double Free Vulnerability - CVE-2012-0179

MS12-033 Vulnerability in Windows Partition Manager Could Allow Elevation of Privilege (2690533)

Plug and Play (PnP) Configuration Manager Vulnerability - CVE-2012-0178

MS12-034 Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)

TrueType Font Parsing Vulnerability - CVE-2011-3402
TrueType Font Parsing Vulnerability - CVE-2012-0159
.NET Framework Buffer Allocation Vulnerability - CVE-2012-0162
.NET Framework Index Comparison Vulnerability - CVE-2012-0164
GDI+ Record Type Vulnerability - CVE-2012-0165
GDI+ Heap Overflow Vulnerability - CVE-2012-0167
Silverlight Double-Free Vulnerability - CVE-2012-0176
Windows and Messages Vulnerability - CVE-2012-0180
Keyboard Layout File Vulnerability - CVE-2012-0181
Scrollbar Calculation Vulnerability - CVE-2012-1848

MS12-035 Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777)

.NET Framework Serialization Vulnerability - CVE-2012-0160
.NET Framework Serialization Vulnerability - CVE-2012-0161

May 2012 Graph

As shown in the chart above, in May the number of vulnerabilities patched has increased from the prior month. Remember to always be cautious when following links to other sites, as well as opening documents and email attachments, especially when the origin of the documents is unknown. As we do every month, we’ve released a signature update to address the vulnerabilities fixed in today’s patches. Happy patching!

For additional information on how you can protect your network from emerging threats, please visit http://www.juniper.net/us/en/products-services/security/srx-series/

Everyone's Tags:

Comments

I'm not really sure what reposting the list of MS vulnerabilities here on the Juniper security blog really adds to the conversation or information distribution. This information is already widely availabe on the primary source. There really is no added value to simply adding yet another site that provides the exact same list copy and paste.

Perhaps if you showed what signatures would need to be used and in what settings to protect against each one of these vulnerabilities we would be able to learn something about how to configure and deploy these SRX features.

But a simple reposting of this list does not really give me anything new.

Steve

Permalink

We are having an internal discussion on how to combine future MS vulnerabilties reports with RSS signature data report: https://services.netscreen.com/restricted/sigupdates/nsm-updates/2131.html

Thank you for the feedback,

Alex

Permalink