May 9, H Security – (International) Microsoft Patch Tuesday more extensive than anticipated. Microsoft released 7 bulletins to close 23 vulnerabilities on its May Patch Tuesday. The total number of bulletins belies the scope of the patches, however, as the combined update MS12-034 closes holes in numerous products. The reason for this is a critical hole in the code for processing TrueType fonts exploited by the Duqu spyware in 2011. The hole was closed in the Windows kernel on the December Patch Tuesday; however, Microsoft has since used a code scanner to track the vulnerable code in many other components; among them is the gdiplus.dll library, which is used by various browsers to render Web fonts. Some of the vulnerable files contained further holes Microsoft also patched within the same bulletin — meaning this update fixes many other flaws as well as the original vulnerability. It closes holes in all currently supported versions of Windows (from XP SP3 onwards, including Server), Office, the .NET framework, and Silverlight. These “bonus” holes include three privilege escalation problems in the Windows kernel, including flaws in the code for processing keyboard layouts. Bulletin MS12-029 closes a critical hole in the code for processing RTL documents. It affects Office 2003, 2007, as well as Office Compatibility Packs SP2 and 3. The vulnerability was also closed in Office for Mac 2008 and 2011. Bulletin MS12-035 addresses two critical holes in the .NET framework. The remaining four bulletins fix holes that have the second highest threat rating by Microsoft, “important.” These vulnerabilities affect Office, Visio Viewer 2010, the Windows partition manager, and the Windows firewall and TCP stack.- 19 -
