May 2012 Patch Tuesday Overview

Marking the May 2012 edition of Patch Tuesday, Microsoft has released seven new security bulletins addressing 23 vulnerabilities.

The first bulletin administrators should address immediately is the mammoth security bulletin MS12-034.  The sheer size of this security bulletin will undoubtedly affect the majority of your network when patching this month.

This bulletin covers:
72 Microsoft operating systems / service pack combinations
31 Microsoft .NET installation versions and types
9 Microsoft Office installation versions and types
6 Microsoft Silverlight installation versions and types

This is by far one of the largest security bulletins Microsoft has ever released.  This bulletin will address seven vulnerabilities with three of the vulnerabilities already publicly disclosed.  There are quite a few scenarios an attacker could exploit the vulnerabilities, but the most tempting attack scenario will involve a user visiting a malicious website.  With an unpatched system, the user will be subject to an attack that will result in Remote Code Execution.  MS12-035 is a second security bulletin that addresses vulnerabilities in the Microsoft .NET application.  Both MS12-034 and MS12-035 will need to be applied to applicable systems with .NET installed.  As most administrators are already aware of, patching Microsoft .NET can be extremely time-consuming.  Administrators should plan for a longer than usual patch cycle for their machines with .NET installed with two security bulletins affection the Microsoft .NET product.

Next up on the priority list for patching this month is MS12-029.  This security bulletin addresses one vulnerability in older versions of Microsoft Word (pre Microsoft Word 2010).  An attacker can gain Remote Code Execution if a user opens a malicious RTF type document with Microsoft Word.  RTF documents are very common documents that are typically allowed through email systems as attachments.

Microsoft also released a new security advisory for their ActiveX Kill Bits with Microsoft Security Advisory (2695962).  In the past, Microsoft released ActiveX Kill Bit updates in a security bulletin format.  With the change to a security advisory format, it is important to not forget about these patches during your normal patch Tuesday cycle.

On the non-Microsoft front, Adobe has joined patch Tuesday with a security bulletin release of their own.  The 4 new Adobe Security bulletins affect a variety of products:
APSB12-10 – Adobe Illustrator:  5 vulnerabilities fixed, can lead to Remote Code Execution
APSB12-11 – Adobe Photoshop:  2 vulnerabilities fixed, can lead to Remote Code Execution
APSB12-12 – Adobe Flash Professional:  1 vulnerability fixed, can lead to Remote Code Execution
APSB12-13 – Adobe Shockwave Player:  5 vulnerabilities fixed, can lead to Remote Code Execution

Last Friday, Adobe released an update for their Adobe Flash Player with APSB12-09.  This security bulletin addresses a zero-day vulnerability that is currently being exploited in the wild.  Adobe Flash is a widely used program and often targeted by attackers, so this bulletin should be deployed as soon as possible with your Microsoft security bulletins.

In all, this typically light patching month will feature quite a few security bulletins to address on networks (7 Microsoft security bulletins, 1 Microsoft security advisory, 5 Adobe bulletins).

I will be going over the May Patch Tuesday in detail in addition to any other non-Microsoft releases since the last Patch Tuesday in our Monthly Patch Tuesday webinar. This webinar is scheduled for next Wednesday, May 9th at 11:00am CST. You can register for this webinar here.

– Jason Miller

May 2012 Patch Tuesday Advanced Notification

Microsoft has released their Advanced Notification for the May 2012 edition of Patch Tuesday.  Microsoft is planning to release seven bulletins addressing 23 vulnerabilities.  In addition, they will be releasing a Security Advisory to update ActiveX killbits.  Last year, Microsoft moved the ActiveX killbit updates from a Security Bulletin to a Security Advisory.  So, you should be aware that there will be eight bulletins that need your attention next Tuesday.

Security Bulletin Breakdown:

  • 4 bulletins are rated as Critical
  • 3 bulletins are rated as Important
  • 5 bulletins addressing vulnerabilities that could lead to Remote Code Execution
  • 2 bulletins addressing vulnerabilities that could lead to Elevation of Privilege

Affected Products:

  • All supported Microsoft Operating Systems
  • All supported Microsoft Office products (2003, 2007, 2010)
  • Microsoft Office Compatibility Pack
  • Microsoft Visio Viewer 2010
  • Microsoft Excel Viewer
  • Microsoft Silverlight 4, 5

I will be going over the May Patch Tuesday in detail in addition to any other non-Microsoft releases since the last Patch Tuesday in our Monthly Patch Tuesday webinar.  This webinar is scheduled for next Wednesday, May 9th at 11:00am CST.  You can register for this webinar here.

 – Jason Miller

NetChk Protect End-of-Life for versions 7.5, 7.6, and 7.8

VMware customers using the Shavlik branded versions of Protect please note that we are announcing the end-of-life for versions 7.5, 7.6, and 7.8.  You will see the following message when contacting support.

“In November of 2012, Shavlik, a VMware Company, will End-of-Life (EOL) the following NetChk Protect versions by disabling the ability to update the XML data. As of November 1, 2012, the ability to update XML data on Protect 7.5, 7.6 and 7.8 versions of the product will be disabled. Please refer to VMware’s Life Cycle Policies page under VMware vCenter Protect Essentials/Essentials Plus for further information at https://www.vmware.com/support/policies/lifecycle/ &https://www.vmware.com/files/pdf/support/Shavlik-Legacy-EOL-Information.pdf.

To upgrade to the latest version of vCenter (NetChk) Protect Essentials, please visit:  http://www.shavlik.com/downloads.aspx.”

The vCenter Protect support team will also be directly contacting customers who are last known to be on these versions.  As always we will do everything we can to ensure Protect customers have been notified of the versions that will no longer be supported.

Regards,

Chris Goettl
Product Owner
SMB Management Solutions
VMware