Microsoft Products Get 'Critical' RCE Fixes in May Security Patch

Microsoft's May security update arrived today with three bulletin items classified "critical" and four "important."

This month's patch features remote code execution (RCE) fixes -- accounting for five of the seven items, including all three of the critical bulletins. The three critical bulletin items should be applied as soon as testing has been completed. However, security experts are highlighting two of those bulletins as top priority. They address flaws that can affect both Microsoft and Apple OS platforms.

"This summary continues a trend we've seen lately for cross-platform attacks; several of the bulletins affect both Windows and Mac platforms," said Wolfgang Kandek, CTO of security firm Qualys, in a blog post. "This includes two of the critical bulletins, which is a big deal because Macs are more frequently being targeted with these exact attack vectors."

The top-priority item this month is bulletin MS12-034, which fixes seven privately disclosed flaws in Windows, Office,             Silverlight and .NET Framework. According to Microsoft, this critical bulletin will address "the manner in which affected components handle specially crafted TrueType font files and by correcting the manner in which GDI+ validates specially crafted EMF record types and specially crafted EMF images embedded within Microsoft Office files."

Coming in at second for IT's priority consideration this month is bulletin MS12-029 -- a Microsoft Office critical fix that patches an issue in which attackers could modify how Office parses formatted data. If left unpatched, an attacker could gain a user's access rights once the user opens an infected RTF file.

Due to the increased risk of infection to Apple systems, Marcus Carey, security researcher at Rapid7, is warning that those running a Mac version of Office may be at higher risk of attack.

"In light of the recent uptick in Mac vulnerability reporting, I suspect we will be hearing about this in the future if Mac users fail to patch this vulnerability," said Carey. "Mac users should start paying more attention to third-party updates such as Word and Java that directly affect their security."

The final critical item for May's security update -- bulletin MS12-035 -- deals specifically with two privately reported issues in Microsoft's .NET Framework. Users running a Web browser that can run XAML Browser Applications (XBAPs) could be at risk of a system hijack when visiting a specially crafted Web site. While bulletin MS12-034 also affects the .NET Framework, Microsoft said that the two fixes are not related, and either can be applied in any order.

Microsoft's remaining bulletins for May include the following important-categorized items:

  • MS12-030: This bulletin patches one publicly disclosed and five privately found errors in multiple versions of Microsoft Office that could lead to an RCE attack if a harmful Office document is opened. It's just classified as important because Office will prompt a user first before opening a new file.
  • MS12-031: Microsoft's Visio Viewer 2010 gets a rare fix this month for a vulnerability associated with how it validates data when parsing harmful Visio files. Left unpatched, the flaw could open up a user to an RCE exploit if a harmful file is opened.
  • MS12-032: The first non-RCE-related item fixes two holes in Windows affecting "the way that Windows Firewall handles outbound broadcast packets and by modifying the way that the Windows TCP/IP stack handles the binding of an IPv6 address to a local interface," according to Microsoft. If unpatched, an attacker with local access to a system could initiate an elevation of privilege.
  • MS12-033: This month's final item, which also takes care of an elevation-of-privilege vulnerability, affects multiple versions of the Windows client OS and Windows Server.  An attacker could install a harmful app using a memory flaw in the Windows Partition Manager. However, an attacker must have access to, and know the valid logon credentials of, a targeted system.

More information on all of Microsoft's updates for May can be found in the Microsoft Security Update Summary.


About the Author

Chris Paoli is the site producer for and


  • Microsoft Warns IT Pros on Windows Netlogon Fix Coming Next Month

    Microsoft on Thursday issued a reminder to organizations to ensure that their systems are properly patched for a "Critical"-rated Windows Netlogon vulnerability before next month's "update Tuesday" patch distribution arrives.

  • Microsoft Nudging Skype for Business Users to Teams

    Microsoft on Thursday announced some perks and prods for Skype for Business unified communications users, with the aim of moving them to the Microsoft Teams collaboration service instead.

  • How To Improve Windows 10's Sound and Video Quality

    Windows 10 comes with built-in tools that can help users get the most out of their sound and video hardware.

  • Microsoft Offers More 'Solorigate' Advice Using Microsoft 365 Defender Tools

    Microsoft issued yet another article with advice on how to use its Microsoft 365 Defender suite of tools to protect against "Solorigate" advanced persistent threat types of attacks in a Thursday announcement.

comments powered by Disqus