SANS ISC: Microsoft Patch Tuesday - SANS Internet Storm Center



Microsoft Patch Tuesday 2012-05-08

MS12-029
Title: Microsoft Word RTF Import
Replaces: MS10-079, MS11-089, MS11-094
Affected: Microsoft Word 2003 and 2007
KB: KB2680352
Known Exploits: No
Microsoft Rating: Critical
ISC Client Rating: Critical
ISC Server Rating: Critical
CVE (Exploitability):
  2012-0183 (1)

MS12-030
Title: Microsoft Office Remote Code Execution Vulnerabilities
Replaces: MS11-072, MS11-089, MS11-094, MS11-096
Affected: Microsoft Excel 2003/2007/2010
KB: KB2663830
Known Exploits: Yes
Microsoft Rating: Critical
ISC Client Rating: Critical
ISC Server Rating: Critical
CVE (Exploitability):
  2012-0141 (3)
  2012-0142 (3)
  2012-0143 (1)
  2012-0184 (1)
  2012-0185 (2)
  2012-1847 (1)

MS12-031
Title: Visio Viewer 2010 Remote Code Execution Vulnerability
Replaces: MS12-015
Affected: Microsoft Visio Viewer 2010
KB: KB2597981
Known Exploits: No
Microsoft Rating: Important
ISC Client Rating: Critical
ISC Server Rating: Critical
CVE (Exploitability):
  2012-0018 (1)

MS12-032
Title: TCP/IP Elevation of Privilege and Firewall Bypass Vulnerability
Replaces: MS11-083
Affected: TCP/IP, Windows Firewall
KB: KB2597981
Known Exploits: No
Microsoft Rating: Important
ISC Client Rating: Important
ISC Server Rating: Important
CVE (Exploitability):
  2012-0174 (1)

MS12-033
Title: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege
Replaces:
Affected: Plug and Play (PnP) Configuration Manager Vulnerability
KB: KB2690533
Known Exploits: Yes
Microsoft Rating: Important
ISC Client Rating: Important
ISC Server Rating: Important
CVE (Exploitability):
  2012-0178 (0)

MS12-034
Title: Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight
Replaces: MS11-029, MS12-018
Affected: Microsoft Windows, Microsoft .NET Framework, Microsoft Silverlight, Microsoft Office
KB: KB2681578
Known Exploits: Yes
Microsoft Rating: Critical
ISC Client Rating: Critical
ISC Server Rating: Critical
CVE (Exploitability):
  2012-0159 (1)
  2012-0162 (1)
  2012-0164 (1)
  2012-0165 (2)
  2012-0167 (1)
  2012-0176 (1)
  2012-0180 (1)
  2012-0181 (1)
  2012-0184 (1)
  2011-3402 (1)

MS12-035
Title: .Net Framework Remote Code Execution
Replaces: MS11-044, MS11-078, MS12-016
Affected: .NET Framework
KB: KB2693777
Known Exploits: No
Microsoft Rating: Critical
ISC Client Rating: Critical
ISC Server Rating: Critical
CVE (Exploitability):
  2012-0160 (1)

We will update issues on this page for about a week or so as they evolve. We appreciate your updates!
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
  • We use 4 levels:
    • PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
    • Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
    • Important: Things where more testing and other measures can help.
    • Less Urgent: practices for servers such as not using Outlook, MSIE, Word etc. to do traditional office or leisure work.
    • The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.