Microsoft Plugs 23 Security Holes in May Patch Tuesday Update

Security researchers are warning Microsoft customers to keep their eyes on the critical bulletins in this month’s Patch Tuesday update.

“Bulletin MS12-029 is the most likely to be exploited,” Wolfgang Kandek, CTO of Qualys, told SecurityWeek. “It fixes a vulnerability in the RTF file format and can be executed in the preview pane of Microsoft Outlook in the Office suites 2003 and 2007. Since the preview pane does not require any user interaction, no opening of files, just going through the incoming e-mail, this vulnerability has the most potential to be exploited widely.”

MS12-029 is just one of three critical bulletins in this release. All told, Microsoft issued patches to address 23 security bugs across its product line. However, the company is recommending that administrators turn their attention to two of the seven bulletins first: MS12-034 and MS12-029. According to Microsoft, MS12-029 addresses a critical bug in Microsoft Office that could lead to remote code execution if the victim opens or previews a malicious RTF (Rich Text Format) file using a vulnerable version of Microsoft Office. An attacker could exploit the vulnerability by sending someone specially crafted RTF-formatted data in an email message.

“The vulnerability could be exploited when the specially crafted RTF email message is previewed or opened in Outlook while using Microsoft Word as the email viewer,” according to the company. “An attacker could also exploit the vulnerability by sending a specially-crafted RTF file as an attachment and convincing the user to open the specially crafted RTF file. Note that by default, Microsoft Word is the email reader in Outlook 2007. In a web-based attack scenario, an attacker could host a website that contains an Office file that is used to attempt to exploit this vulnerability.”

MS12-034 includes 10 fixes across several product lines that were bundled together as part of an update meant to put the finishing touches on a vulnerability exploited by the infamous Duqu malware. Believed to be related to Stuxnet, Duqu was spotted in September exploiting a vulnerability affecting Microsoft Word. Though the company patched the bug with MS11-087, other Microsoft products were discovered to contain the same vulnerability as well.

“At first glance, MS12-034 may seem to be addressing a number of unrelated vulnerabilities in unrelated products,” blogged Jonathan Ness, from Microsoft Security Response Center Engineering. “For example, why would a keyboard layout handling vulnerability be addressed in the same update as a Silverlight issue? However…we needed to address the font parsing vulnerability (CVE-2011-3402) in a number of different products.”

“As each new product was added to the security update package, the vulnerabilities planned-to-be-addressed in the same binary were also included,” he continued. “Addressing CVE-2011-3402 required us to service ogl.dll, gdiplus.dll, win32k.sys, Silverlight, .NET Framework, etc. Because gdiplus.dll was being addressed, several other fixes that were scheduled to be released in the same binary were looped in to this update.”

“MS12-034 is sheer craziness—it’s going to be the most interesting and most painful part of the day for most IT security teams,” said Tyler Reguly, technical manager of security research and development at nCircle. “There are multiple Office and .NET patches due to the overlap of products in this bulletin. When you get past MS12-034, it’s a fairly normal month with the expected local privilege escalation issues and Office patches.”


The third critical bulletin is MS12-035, which patches two critical vulnerabilities in the .NET Framework that could allow an attacker to execute code if a victim views a specially-crafted webpage using a Web browser that can run XAML Browser Applications (XBAPs).

“On desktop systems, organizations should install as quickly as possible MS12-029, the two other Office-based vulnerabilities, plus the XBAP fix, as they address the easiest attack vectors,” Kandek said. “All others can wait a little longer if that helps the organization’s change management. MS12-034 contains patches for many of Microsoft’s software packages, and it makes sense to perform additional test cycles to see if any compatibility issues occur.”

The remaining security bulletins are rated ‘important’ and address issues in Microsoft Windows and Microsoft Office, and deal with remote code execution and privilege escalation issues.
