The Microsoft Security Bulletin Summary for May 2012 contains 7 bulletins: three rated “critical” and the rest “important”. This summary continues a trend we’ve seen lately for cross-platform attacks; several of the bulletins affect both Windows and Mac platforms. This includes two of the critical bulletins, which is a big deal because Macs are more frequently being targeted with these exact attack vectors. We also see a strong emphasis on attackers relying on social engineering-based attacks that involve tricking users into opening malicious files or webpages in order for the attack to work.
MS12-029 – rated critical – applies for all supported editions of Microsoft Word 2007. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file. This would be a result of a successful spear phishing attack where an attacker gets the victim to open a file or visit a malicious website. This security update affects all supported editions of Microsoft Word 2003, Microsoft Office 2008 for Mac, and Microsoft Office for Mac 2011. In light of the recent uptick in Mac vulnerability reporting, I suspect we will be hearing about this in the future if Mac users fail to patch this vulnerability. Mac users should start paying more attention to third party updates such as Word and Java that directly affect their security.
MS12-034 is a critical bulletin that a resolves three publicly disclosed vulnerabilities and seven privately reported vulnerabilities in Microsoft Office, Microsoft Windows, the Microsoft .NET Framework, and Microsoft Silverlight. A victim could be compromised if they are duped into opening a malicious document or a web page that embeds TrueType font files. This is another situation where Silverlight is cross-platform and installed on many PCs and Macs for online services, primarily Netflix. Silverlight runs on about 67% of systems on the Internet.
MS12-035 is a critical vulnerability relating to the .NET Framework and allowing remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). An attacker would be limited to the user privilege level. Administrator can also disable XBAPs were applicable to mitigate future attack vectors such as this.
MS12-030 is an important for all supported editions of Microsoft Excel 2003, Microsoft Excel 2007, Microsoft Office 2007, Microsoft Excel 2010, Microsoft Office 2010, Microsoft Office 2008 for Mac, and Microsoft Office for Mac 2011. An successful attacker would be limited by the privileges of their victim.
MS12-031 is rated important and affects all supported editions of Microsoft Visio Viewer 2010. Visio View is sort of comparable to Adobe Reader for Visio documents, enabling users to view things like network diagrams and such. It's interesting since it’s a free product and has traction in system administration and network engineering communities. Based on that user profile a successful exploit of these types of users would be a prized target for an attacker.
MS12-032 & MS12-033 are local elevation-of-privilege vulnerabilities. A malicious user or attacker can run local exploits to gain administrative privileges with both of these. These type of vulnerabilities would be chained to other attack vectors such as MS12-030 or MS12-035 to give an attacker full access to a victim's system.