A Bit of May Madness from Microsoft for May 2012 Patch Tuesday
Paul Henry - May 8th, 2012
The disruptive restarts and the wide range of platforms impacted by May’s bulletins will have IT teams scrambling to accomplish their flaw remediation tasks this month. Combine those with the workload from Oracle and others and many security pros may unfortunately not get a break this Memorial Day.
We have 7 bulletins this month; 3 critical and 4 important.
|Bulletin||KB||Disclosure||Aggregate Severity||Exploit Index||Max Impact||Deployment Priority||Notes|
|2681578||Public||Critical||1||RCE||1||All updates are required for each affected product.|
|2680352||Private||Critical||1||RCE||1||Does not affect Office 2010.|
|2693777||Private||Critical||1||RCE||2||Both MS12-035 and MS12-034 required for NETFX.|
|2663830||Public||Important||1||RCE||2||Multiple updates per product may be required.|
|2597981||Private||Important||1||RCE||2||Users should not open attachments from untrusted sources.|
|2690533||Private||Important||1||EoP||3||Requires local system access.|
|2688338||Public||Important||1||EoP||3||Elevation of privileges requires local system access.|
The most interesting of the patches is MS12-034 which seems to be a deeper dive by Microsoft to correct Truetype font issues. If you remember, this was an issue in the DuQu malware that was a problem last December.
With this Patch Tuesday, Microsoft has also included a killbit update for a Cisco active x control.It’s also interesting to note that last week, Microsoft released a partner from their Microsoft Active Protections Program, or MAPP, for reportedly leaking a vulnerability and proof-of-concept information. The firewall / IPS vendor is from China so honestly, what did Microsoft expect?
Patch Tuesday Issues Outside of Microsoft
According to a Forbes report, an estimated 10,000,000 credit cards have been breached at credit card processor, Global Payments sometime between Jan. 21, 2012 and Feb. 25, 2012. The card processer officially places the number of stolen credit cards much lower 1,500,000. Details are still sketchy on how the breach happened but it doesn’t look good.
Oracle released patches for 88 issues that impact over 35 Oracle products. An apparent misunderstanding by a security researcher reviewing the Oracle patch release has also led to the release of an exploit that remains unpatched. The vulnerability was originally reported to Oracle as far back as 2008. Upon release of the April CPU, Joxean Koret, the researcher that had originally found the vulnerability, came forward with additional details including a proof of concept exploit, fully expecting that a patch is now available. For more:
The Apple Flashback malware is reportedly now cash flowing for the bad guys – using an ad hacking scheme the bad guys are getting paid to redirect infected users to alternate destinations. Symantec estimates that with the size of the botnet, revenues could exceed $10,000 per day. With cyber criminals getting a taste of “the money” from Apple malware, we can safely assume more is on the way.
Another embarrassing Apple issue is the apparent release of a fix 3 months ago by Apple that left a debug option enabled in FileVault. This caused passwords to be saved in plain text in a log file outside of the encrypted area. The issue affects FileVault users who upgraded from Snow Leopard (OSX 10.6) to Lion 10.7.3, but did not migrate to FileVault 2. Worse yet for those users that are using Time Machine for backups – their passwords may have been repeatedly store in Time Machine unencrypted. Pending a patch from Apple, Lion users should immediately activate FileVault 2, which can be found in the Security & Privacy setting in System Preferences. Click the FileVault tab to enable.
Apple – Microsoft
Last month we saw Apple QuickTime malware impacting Windows PC’s running the Apple software. This period we see Microsoft Office software issues impacting Apple computers. The issue impacts older unpatched Apple computers. Apparently not promptly installing patches is not an issue that is exclusive to Microsoft software users.