Microsoft released a patch on Tuesday, May 8, which included 23 fixes across a number of services. The security flaws expose billions of Windows users to remote code execution attacks.
Among the 23 fixes are patches for Microsoft Office, Windows, Silverlight and the Microsoft .NET framework. Microsoft is urging users to pay attention to MS12-034 - described as "critical" - which patches 10 security holes. The company expects working exploit code to be released within 30 days, as three of the exploits have already been publicly revealed.
The update patches three publicly disclosed exploits and privately reported exploits across Office, Silverlight, Windows and .NET. The most severe of the exploits would allow remote code execution if a user opened a specific type of document that embeds TrueType font files. Attackers would convince users to visit a malicious Web site by clicking a link in an e-mail or instant message.
Microsoft says the MS12-029 update should also be downloaded immediately, as the exploit allows machines to be controlled completely through a security flaw in Microsoft Word. The company warns users to be aware of malicious Web sites and e-mails.
A range of other updates are available. MS12-035 fixes exploits in the .NET framework. The exploit allows remote code execution if a user views a XAML browser application in a Web browser. Microsoft says users whose accounts have fewer user rights could be less affected.
The MS12-030 update resolves one publicly disclosed and five privately reported issues in Microsoft Office. Again, these could allow remote code execution if a user opens a specifically crafted Office file, and an attacker could gain the same user rights as the logged-in user. Fewer user rights also mean fewer vulnerabilities, Microsoft says.
MS12-031 fixes another flaw in Office, which allows remote code execution if a Visio file is opened. The implications of an attack are the same as for the 030 update.
The 032 update fixes one privately reported and one publicly reported issue in Microsoft Windows. If an attacker logs onto a system and runs a specific application, privileges could be elevated.
Finally, MS12-033 patches a privately reported exploit in Windows. Again, privilege will be elevated if an attacker logs onto a system and runs a specific application. However, attackers must be able to log in locally and have valid credentials.
(reported by Jonathan Charles, edited by Dave Clark)