Microsoft’s been quite busy lately. You would be too if you had to release 23 security fixes in May and the month is not even halfway over. Moreover, the security patches covered a wide range of the Redmond WA software giant’s portfolio of operating systems and applications. All told, the 23 security patches were covered in seven bulletins. Of these seven, three were rated as “critical”-meaning they have to be installed immediately. The other four were rated as “important.” All the bulletins fixed vulnerabilities where a remote attacker can execute code remotely. Quite a serious threat. While none of the vulnerabilities fixed by the patches are currently being targeted by trojans or malware currently in circulation, Microsoft did say that exploit code for 18 of the vulnerabilities are likely to be developed.
The highest priority patch in the recently released pack involved the RTF Mismatch Vulnerability (MS12-029). This fix patches a Rich Text Format file flaw through Microsoft Office 2003 and 2007. The flaw enables a remote attacker to take control of a user’s computer. What is extremely troubling is that there is no need for user input is needed. Normally, malware for productivity suites require input from the user. This vulnerability can be triggered just by viewing a file through Microsoft Outlook’s preview window. Microsoft Office for Mac 2011 is listed as one of the programs affected by this vulnerability. This incident clearly highlights the fact that Mac users need to be vigilant about security updates raised by third-party developers (in this case, Microsoft). As we reported earlier, due to a high false level of security on the part of many Mac users, they did not update their systems and were victimized in a recent attack using Microsfot Word for Macs which exploited a vulnerability that was detected a long time ago.
Other patches also addressed the previously detected True Type Fonts vulnerability and extended it to Windows, .NET, Office, and Silverlight. Excel also fixed some memory corruption issues in Excel and Vision.