Welcome to Patch Tuesday, May 2012 edition! This week brings us 7 new security bulletins from Microsoft, addressing 23 flaws in various Microsoft products. This month’s vulnerabilities are heavily weighted toward desktop applications, with critical vulns in MS Word, Excel, Visio and other components.
This month’s patches include the following:
- (MS12-029) Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352)
- (MS12-030) Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2663830)
- (MS12-031) Vulnerabilities in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2597981)
- (MS12-032) Vulnerability in TCP/IP Could Allow Elevation of Privilege (2688338)
- (MS12-033) Vulnerability in Windows Partition Manager Could Allow Elevation of Privilege (2690533)
- (MS12-034) Vulnerabilities in GDI+ and TrueType Font Engine Could Allow Remote Code Execution (2681578)
- (MS12-035) Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777)
Top of the list this month for many organizations will be MS12-034. This modest-sounding patch revisits a vulnerability we last discussed in December 2011 (MS11-087). The vuln was notably exploited by the Duqu rootkit, a sophisticated, targeted attack that circulated late last year, with new variants seen as recently as March 2012. Recently, MS has done additional analysis and found duplicate copies of the flawed code in several other Windows components, ranging from the TrueType font engine to Silverlight. While patching this vuln, MS also rolled in a number of fixes for other issues they had stacked up, for a total of 10 diverse vulns addressed in this single bulletin. The volume and variety of issues combined in this bulletin make it a high priority.
The vulns in MS Word, Excel, Visio, and .NET are also fairly concerning. In all cases, an attacker would deliver a specially crafted malicious document via email or web channels, or perhaps via a USB stick. If the attacker can convince the user to open the malicious doc, the vulnerabilities allow the attacker to take complete control of the user’s system. There is no lack of client-side attacks similar to these, and they remain one of the most common vectors for attacks, both random and targeted.
McAfee’s confirmed coverage for this month’s vulns is as follows:
- McAfee VirusScan's buffer overflow protection is expected to provide proactive protection against exploits of 10 out of 23 vulnerabilities this month.
- McAfee Host Intrusion Prevention is expected to provide protection against exploits of 10 out of 23 vulnerabilities this month.
- McAfee Application Control is expected to provide protection against exploits of 13 out of 23 vulnerabilities this month.
- McAfee's Network Security Platform has new signatures confirmed to protect against exploits of 15 out of 23 vulnerabilities this month.
- McAfee Vulnerability Manager and Policy Auditor will very shortly have content to assess whether your systems are exposed to any of these new vulnerabilities.
In particular, coverage is excellent for the vulnerabilities in the MS Office apps for all listed countermeasures. Additional research is being performed by McAfee Labs, and coverage may improve as additional results roll in. As more details become available, you’ll find them on the McAfee Threat Center.