Security & Mobility Now
Security is top-of-mind everywhere, especially right here where Juniper experts share their thoughts on the latest security breakthroughs and product advancements

May 2012 Microsoft Patch Tuesday Summary

by Juniper Employee on ‎05-08-2012 11:05 AM


 

Welcome to another edition of the Patch Tuesday summary blog. Last month's Patch Tuesday involved patching 11 vulnerabilities over 6 bulletins, while this month we are patching 23 vulnerabilities over 7 bulletins.

 

Here is a list of the vulnerabilities fixed in today’s patches:

 

MS12-029 Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352)

  • RTF Mismatch Vulnerability - CVE-2012-0183

 

MS12-030 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2663830)

  • Excel File Format Memory Corruption Vulnerability - CVE-2012-0141
  • Excel File Format Memory Corruption in OBJECTLINK Record Vulnerability - CVE-2012-0142
  • Excel Memory Corruption Using Various Modified Bytes Vulnerability - CVE-2012-0143
  • Excel SXLI Record Memory Corruption Vulnerability - CVE-2012-0184
  • Excel MergeCells Record Heap Overflow Vulnerability - CVE-2012-0185
  • Excel Series Record Parsing Type Mismatch Could Result in Remote Code Execution Vulnerability - CVE-2012-1847

 

MS12-031 Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2597981)

  • VSD File Format Memory Corruption Vulnerability - CVE-2012-0018

 

MS12-032 Vulnerability in TCP/IP Could Allow Elevation of Privilege (2688338)

  • Windows Firewall Bypass Vulnerability - CVE-2012-0174
  • TCP/IP Double Free Vulnerability - CVE-2012-0179

 

MS12-033 Vulnerability in Windows Partition Manager Could Allow Elevation of Privilege (2690533)

  • Plug and Play (PnP) Configuration Manager Vulnerability - CVE-2012-0178

 

MS12-034 Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)

  • TrueType Font Parsing Vulnerability - CVE-2011-3402
  • TrueType Font Parsing Vulnerability - CVE-2012-0159
  • .NET Framework Buffer Allocation Vulnerability - CVE-2012-0162
  • .NET Framework Index Comparison Vulnerability - CVE-2012-0164
  • GDI+ Record Type Vulnerability - CVE-2012-0165
  • GDI+ Heap Overflow Vulnerability - CVE-2012-0167
  • Silverlight Double-Free Vulnerability - CVE-2012-0176
  • Windows and Messages Vulnerability - CVE-2012-0180
  • Keyboard Layout File Vulnerability - CVE-2012-0181
  • Scrollbar Calculation Vulnerability - CVE-2012-1848

 

MS12-035 Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777)

  • .NET Framework Serialization Vulnerability - CVE-2012-0160
  • .NET Framework Serialization Vulnerability - CVE-2012-0161

 

[Chart: May 2012 Graph]

 

As shown in the chart above, the number of vulnerabilities patched in May increased from the prior month. Remember to always be cautious when following links to other sites, as well as when opening documents and email attachments, especially when the origin of the documents is unknown. As we do every month, we've released a signature update to address the vulnerabilities fixed in today's patches. Happy patching!

 

For additional information on how you can protect your network from emerging threats, please visit http://www.juniper.net/us/en/products-services/security/srx-series/

Comments
by Distinguished Expert on ‎05-08-2012 04:07 PM

I'm not really sure what reposting the list of MS vulnerabilities here on the Juniper security blog really adds to the conversation or information distribution. This information is already widely available on the primary source. There really is no added value to simply adding yet another site that provides the exact same list copy and paste.

 

Perhaps if you showed what signatures would need to be used and in what settings to protect against each one of these vulnerabilities we would be able to learn something about how to configure and deploy these SRX features. 

 

But a simple reposting of this list does not really give me anything new.

 

Steve

by Juniper Employee on ‎05-09-2012 10:24 AM

We are having an internal discussion on how to combine future MS vulnerabilities reports with the RSS signature data report: https://services.netscreen.com/restricted/sigupdates/nsm-updates/2131.html

 

Thank you for the feedback,

Alex

 

 

 
