|
Microsoft Security Bulletins
|
|
|
-
MS12-034 - Critical : Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578) - Version: 1.1
Severity Rating: Critical
Revision Note: V1.1 (May 16, 2012): Added a link to Microsoft Knowledge Base Article 2681578 under Known Issues in the Executive Summary. Also added Microsoft .NET Framework 1.1 Service Pack 1 to the Non-Affected Software table and corrected the update replacement information for Microsoft Office. These were informational changes only. There were no changes to the security update files or detection logic.
Summary: This security update resolves three publicly disclosed vulnerabilities and seven privately reported vulnerabilities in Microsoft Office, Microsoft Windows, the Microsoft .NET Framework, and Microsoft Silverlight. The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a malicious webpage that embeds TrueType font files. An attacker would have no way to force users to visit a malicious website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website.
-
MS12-035 - Critical : Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777) - Version: 2.0
Severity Rating: Critical
Revision Note: V2.0 (May 11, 2012): Added an entry to the update FAQ to communicate that security update KB2656353 addresses the vulnerabilities described in this bulletin for all supported systems running Microsoft .NET Framework 1.1 Service Pack 1, except when installed on Windows Server 2003 Service Pack 2. There were no changes to the security update files. Customers who have successfully installed the update do not need to take any action.
Summary: This security update resolves two privately reported vulnerabilities in the .NET Framework. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
-
MS11-100 - Critical : Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420) - Version: 1.4
Severity Rating: Critical
Revision Note: V1.4 (May 11, 2012): Added entry to the update FAQ to announce that KB2656353, offered in this bulletin, also addresses CVE-2012-0160 and CVE-2012-0161, which are documented in MS12-035.
Summary: This security update resolves one publicly disclosed vulnerability and three privately reported vulnerabilities in Microsoft .NET Framework. The most severe of these vulnerabilities could allow elevation of privilege if an unauthenticated attacker sends a specially crafted web request to the target site. An attacker who successfully exploited this vulnerability could take any action in the context of an existing account on the ASP.NET site, including executing arbitrary commands. In order to exploit this vulnerability, an attacker must be able to register an account on the ASP.NET site, and must know an existing user name.
-
MS12-029 - Critical : Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352) - Version: 1.0
Severity Rating: Critical
Revision Note: V1.0 (May 8, 2012): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
-
MS12-032 - Important : Vulnerability in TCP/IP Could Allow Elevation of Privilege (2688338) - Version: 1.0
Severity Rating: Important
Revision Note: V1.0 (May 8, 2012): Bulletin published.
Summary: This security update resolves one publicly disclosed and one privately reported vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.
-
MS12-031 - Important : Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2597981) - Version: 1.0
Severity Rating: Important
Revision Note: V1.0 (May 8, 2012): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
-
MS12-033 - Important : Vulnerability in Windows Partition Manager Could Allow Elevation of Privilege (2690533) - Version: 1.0
Severity Rating: Important
Revision Note: V1.0 (May 8, 2012): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
-
MS12-030 - Important : Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2663830) - Version: 1.0
Severity Rating: Important
Revision Note: V1.0 (May 8, 2012): Bulletin published.
Summary: This security update resolves one publicly disclosed and five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
-
MS12-027 - Critical : Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2664258) - Version: 2.0
Severity Rating: Critical
Revision Note: V2.0 (April 26, 2012): Added Service Pack 1 versions of SQL Server 2008 R2 to the Affected Software and added an entry to the update FAQ to explain which SQL Server 2000 update to use based on version ranges. These are informational changes only. There were no changes to the security update files or detection logic. For a complete list of changes, see the entry to the section, Frequently Asked Questions (FAQ) Related to This Security Update.
Summary: This security update resolves a privately disclosed vulnerability in Windows common controls. The vulnerability could allow remote code execution if a user visits a website containing specially crafted content designed to exploit the vulnerability. In all cases, however, an attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website. The malicious file could be sent as an email attachment as well, but the attacker would have to convince the user to open the attachment in order to exploit the vulnerability.
-
MS12-028 - Important : Vulnerability in Microsoft Office Could Allow Remote Code Execution (2639185) - Version: 1.1
Severity Rating: Important
Revision Note: V1.1 (April 25, 2012): Added an entry to the update FAQ to explain why this update is offered to customers running Microsoft Office 2007 Service Pack 3.
Summary: This security update resolves a privately reported vulnerability in Microsoft Office and Microsoft Works. The vulnerability could allow remote code execution if a user opens a specially crafted Works file. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
news feeds 
United States : 
Unknown Browser