On this, the second Tuesday of the month, Microsoft has issued seven security bulletins for Patch Tuesday. Three of the bulletins are rated critical, and the other four are rated important. The seven combined address 23 separate vulnerabilities impacting Microsoft Windows, Office, Silverlight, and the .NET Framework. Customers should plan to install all of these updates as soon as possible.
Among the most critical is MS12-034, which affects Microsoft Office, Windows, .NET Framework, and Silverlight. It involves exploits that can be conducted via browser, email, file sharing or similar attack, and can result in remote code execution, elevation of privilege, or denial of service.
“MS12-034 is the largest security bulletin I've seen Microsoft put out,” Jason Miller, R&D manager at VMware, told CRN. He went on to explain, “The sheer size of this thing is immense because they are covering a lot of products and a lot of operating systems. There are about 120 types of product/service pack combinations where this patch would be applicable and there are 39 different patches associated with this one bulletin. So this is going to be all over the network. Pretty much all of your machines are going to be involved.”
Interestingly, these vulnerabilities stem from an earlier issue resolved by Microsoft last year.
“The remote code-execution vulnerability used against Microsoft Office, Windows and .NET Framework ties back to the TTF vulnerability used by Duqu,” said Joseph Chen, engineering director for security technology and response at Symantec, in a statement. “We recently found a new Duqu sample showing that the threat is still active. Microsoft has provided some further patching, in addition to the already issued patch for the vulnerability at the end of 2011.”