14 DAY TRIAL // On Tuesday, May 8th, Redmond-based software giant Microsoft issued a new security update for its users, addressing 23 vulnerabilities in various products.
Seven bulletins were included in the update, three of which are rated Critical, while the other four are rendered Important.
Following the Advanced Notification released last week, Microsoft made public specific details on each bulletin and on the vulnerabilities they are destined to patch.
“For Update Tuesday we’re releasing seven security bulletins – three Critical-class and four Important – addressing 23 issues in Microsoft Windows, Office, Silverlight, and the .NET Framework,” Yunsun Wee, director, Microsoft Trustworthy Computing, notes in a blog post.
Microsoft’s customers are recommended to apply the new patches as soon as possible, so as to ensure that these security problems are resolved. You can find details on these updates below and in the video embedded at the bottom of the article.
The first bulletin in the update, MS12-029, resolves a privately reported breach in Microsoft Office that could allow remote code execution, provided that the user opened a specially crafted RTF file.
It is rated Critical, the same as the second bulletin, MS12-034, which resolves ten vulnerabilities in Microsoft Office, Microsoft Windows, the Microsoft .NET Framework, and Microsoft Silverlight that could allow remote code execution.
Bulletin MS12-035, also critical, resolves two security issues in the .NET Framework that could allow remote code execution if “a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs).”
Rated Important, bulletins MS12-030 and MS12-031 resolve seven vulnerabilities in Microsoft Office that could also allow remote code execution in the event that the user opens a specially crafted Office file (the first six) or a specially crafted Visio file.
Also important, bulletins MS12-032 and MS12-033 resolve three security holes in Windows. They could allow elevation of privilege if the attacker runs a specific application on the system.
Users who have the Automatic Updates feature selected on their computers will receive these security enhancements as soon as they turn the PCs on. Customers who don’t are en encouraged to apply these updates manually as soon as possible.