Microsoft May Security Update

Source: Internet
Author: User
Keywords Microsoft hacker attacks office vulnerabilities
Tags application based bulletin code computer controlled file framework

Absrtact: In the early hours of May 9, Microsoft routinely released 7 security patches to the world this month, fixing multiple high-risk severity levels of Windows, Office,. NET framework, and silver light. One of the serious vulnerabilities in office can cause the system to be fully controlled.

In the early hours of May 9, Microsoft routinely released 7 security patches to the world this month, fixing multiple high-risk severity levels for components such as Windows, Office, the. NET framework, and silver light, where serious vulnerabilities in office can lead to complete system control. Jinshan Guardian said the first time to push the May security update, please install the first time repair.

Microsoft's security bulletin this month shows that of the 7 patches released this month, 5 patches are related to patching Office components. One of the severity-level office vulnerabilities can cause Windows to be fully controlled. Attackers exploit these vulnerabilities to make special Office documents, and vulnerable systems double hit the document to run malicious programs, allowing the computer to be fully controlled by hackers.

Early in May, Adobe Flash's security vulnerabilities also caused office systems to be involved, with attackers inserting flash files (. swf format) with attack code in Office documents. Attacked computer if Adobe Flash Player-related components are not updated, opening doc files can cause the computer to be fully controlled or to download an attacker-specified backdoor. Currently, Doc documents that exploit this vulnerability are already appearing on the Internet.

This month's patch fixes 7 security vulnerabilities for Microsoft Windows, Microsoft Office,.net Framework, and silver light. The operating systems affected by ordinary netizens include Windows XP to versions of Windows 7, each version of Office, and Windows 8 is temporarily unaffected.

A security vulnerability is the most direct attack channel for hackers, and as the performance of the Security software defense system improves, the likelihood that an attacker can launch a mass attack is decreasing, but targeted precision attacks occur frequently. Timely remediation of system vulnerabilities is a necessary means to prevent hacker attacks.

Golden Hill Guardian has been the first time to release updates, please see the Golden Hill guardian of the vulnerability after the message, click on "One key repair" quick fix the loophole.

Attached: Microsoft May Patch Information

1. Vulnerability in Microsoft Word could allow remote code execution

Safety Bulletin: ms12-029;

KB number: KB2598332, KB2596917

Level: Serious

Description: This security update resolves a privately reported vulnerability in Microsoft Office. If a user opens a specially crafted RTF file, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could obtain the same user rights as the current user.

Impact System: Microsoft Office 2003 Service Pack 3, Microsoft Office 2007 Service Pack, Microsoft Office 2007 Service Pack 3

2. Vulnerability in Windows Could allow remote code execution

Security Bulletin: ms12-030

KB number: KB2597086, KB2597161, KB2597166, KB2597969, KB2553371, KB2596842

Level: Important

Description: This security update resolves a publicly disclosed and five secret reported vulnerability in Microsoft Office. If a user opens a specially crafted Office file, these vulnerabilities could allow remote code execution. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the logged-on user.

Impact Systems: System-wide, office, Microsoft. NET Framework

3. Vulnerability in Microsoft Visio Viewer could allow remote code execution

Security Bulletin: ms12-031

KB ID: KB2597981

Level: Important

Description: This security update resolves a privately reported vulnerability in Microsoft Office. If a user opens a specially crafted Visio file, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could obtain the same user rights as the current user.

Impact System: VISIO2010

Vulnerability in 4.TCP/IP could allow elevation of privilege

Security Bulletin: ms12-032

KB ID: KB2688338

Level: Important

Description: This security update resolves a public disclosure and a secret report vulnerability in Microsoft Windows. More serious, these vulnerabilities can allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.

Impact System: Windows Vista Service Pack 2, Windows Vista x64 Edition Service Pack 2, Windows 7 for 32-bit Bae, Windows 7 for 32-bit BAE Service Pack 1, Windows 7 for x64-based Bae, Windows 7 for x64-based BAE Service Pack 1

5. Vulnerability in Windows Partition Manager may allow elevation of privilege

Security Bulletin: ms12-033

KB ID: KB2690533

Level: Important

Description: This security update resolves a privately reported vulnerability in Microsoft Windows. If an attacker logs on to the system and runs a specially crafted application, the vulnerability could allow elevation of privilege.

Impact System: Windows Vista Service Pack 2, Windows Vista x64 Edition Service Pack 2, Windows 7 for 32-bit Bae, Windows 7 for 32-bit BAE Service Pack 1, Windows 7 for x64-based Bae, Windows 7 for x64-based BAE Service Pack 1

6. Federated security Update: Includes Office, Microsoft. NET Framework, Silverlight

Security Bulletin: ms12-034

KB number: KB2659262, KB2676562, KB2686509, KB2658846, KB2660649, KB2658846, KB2656407, KB2656409, KB2656410, KB2656411, KB2656405, KB2598253, KB2596672, KB2589337

Level: Serious

Description: This security update resolves three publicly disclosed vulnerabilities and seven secret reported vulnerabilities, the most serious of which could allow remote code execution.

Impact System: Windows, Office, Microsoft. NET Framework, Silverlight

7. Vulnerabilities in the. NET framework could allow remote code execution

Security Bulletin: ms12-035

KB number: KB2604042, KB2604044, KB2604078, KB2604092, KB2604094, KB2604110, KB2604105, KB2604111, KB2604115, KB2604114, KB2604121

Level: Serious

Description: This security update resolves two privately reported vulnerabilities. NET Framework. If a user views a specially crafted Web page, using a Web browser, a XAML browser application (XBAP) can be run, and a vulnerability on the client system could allow remote code execution.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.