Microsoft patches 23 Windows flaws, warns of risk of code execution attacks - Polidicks

[QUOTE]The Patch Tuesday batch for May 2012 covers at least 23 documented vulnerabilities in Microsoft Office, Microsoft Windows, the Microsoft .NET Framework and Microsoft Silverligh[/QUOTE] [QUOTE]Microsoft wheeled out another batch of security patches today to fix multiple dangerous security flaws that expose billions of Windows users to remote code execution attacks. The Patch Tuesday batch for May 2012 covers at least 23 documented vulnerabilities in Microsoft Office, Microsoft Windows, the Microsoft .NET Framework and Microsoft Silverlight. The company is urging Windows users to pay special attention to MS12-034, a “critical” bulletin that patches 10 distinct security holes. Three of these vulnerabilities have already been publicly disclosed and Microsoft expects to see working exploit code released within 30 days. The vulnerable code in the MS12-034 bulletin is linked to the Duqu malware that was used to spy on high-profile targets in Iran. Some details: MS12-034 (Microsoft Office, Windows, .NET Framework, and Silverlight): This security update resolves three publicly disclosed vulnerabilities and seven privately reported vulnerabilities in Microsoft Office, Microsoft Windows, the Microsoft .NET Framework, and Microsoft Silverlight. The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a malicious webpage that embeds TrueType font files. An attacker would have no way to force users to visit a malicious website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker’s website. Microsoft is also highlighting MS12-029 as another high-priority update that should be deployed immediately. This bulletin, also rated critical, addresses a security flaw in Microsoft Word that could be exploited by hackers to take complete control of a vulnerable machine. Attack vectors for this issue include maliciously crafted websites and email, the company said. Here’s a glimpse at the rest of this month’s updates: MS12-035: This security update resolves two privately reported vulnerabilities in the .NET Framework. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. MS12-030: This security update resolves one publicly disclosed and five privately reported vulnerabilities in Microsoft Office. The vulnerabilities could allow remote code execution if a user opens a specially crafted Office file. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. MS12-031: This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Visio file. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. MS12-032: This security update resolves one privately reported and one publicly disclosed vulnerability in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. MS12-033: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.[/QUOTE] [url]http://www.zdnet.com/blog/security/microsoft-patches-23-windows-flaws-warns-of-risk-of-code-execution-attacks/12001?tag=nl.e589[/url] 100MB, start up Windows Update!

I aint starting shit until these patches have been out at least a week.

I applied this update yesterday I feel secure

My computer applied this update without my consent, interrupting and canceling a 600 mb download. Thanks.

Now if only i could install sp1 for 7.

Updating now.

[QUOTE=The Pretender;35892754]My computer applied this update without my consent, interrupting and canceling a 600 mb download. Thanks.[/QUOTE] Real men stream porn.

Oh so that's why it went "Installing 21 updates" before I could shut down yesterday. It always does that when you're packing up your laptop to move.

[QUOTE=Clavus;35893692]Oh so that's why it went "Installing 21 updates" before I could shut down yesterday. It always does that when you're packing up your laptop to move.[/QUOTE] It always has a billion updates when I'm trying to shut my computer off in a hurry, like in a bad storm.

[img]http://puu.sh/tRkl[/img] I should probably turn this on sometime.

I just have it set to let me know about updates but only install when I tell it to. No brainer.

Windows update? My PC doesn't even know this feature exists, I shut that shit off the instant I got my PC. I always manually update, and only after I know the updates aren't broken

Last time i updated my pc was yesterday. Time before that? This day, last year.

Odd. My computer doesn't seem to have noticed this update yet... Edit: Also just noticed one or two failed updates my computer apparently didn't mention (just checked logs) Any way I can get it to re-try those? Or will those still be in my important updates list for next time it updates?

Why is everyone in a panic about updating? You are only vulnerable to this exploit if you have remote desktop (RDP) enabled, which most home machines shouldn't.

Gee, maybe I should actually install the 1.2GB of updates I've held off on for about a year and a half...

I hate shutting down my pc when I have at least 20-30 updates to install. Just want to go to bed, Microsoft, leave me alone!!!!

I haven't updated in a few [B]years.[/B]

[QUOTE=supertribute;35895950]I hate shutting down my pc when I have at least 20-30 updates to install. Just want to go to bed, Microsoft, leave me alone!!!![/QUOTE] Sounds like you need a better case if you have tons of blinking LED's and jet engine fans.

I'm not updating my PC after LAST TIME. Last time, Windows Update screwed up my PC, I forgot what it was, a service pack of some kind maybe? I dunno, but I had to spend hours restoring and trying to figure out how to undo the update. Haven't updated since

Windows Update wouldn't work for me anyway. It wouldn't bother to download any of the updates and it gets stuck at the "installing updates" screen when I shut it down.

That explains all those updates...

Haven't updated to SP1 and won't until they fix it, keeps fucking with my harddrive.

[QUOTE=Spool;35896401]Haven't updated to SP1 and won't until they fix it, keeps fucking with my harddrive.[/QUOTE] I have SP1 and have had no problems with it. Strange how it fucks up your harddrive.

How the hell do you all have so many problems with Windows Update?

[QUOTE=Spool;35896401]Haven't updated to SP1 and won't until they fix it, keeps fucking with my harddrive.[/QUOTE] pretty sure your hdd is the problem bud

[QUOTE=Sanius;35897375]pretty sure your hdd is the problem bud[/QUOTE] I updated to SP1 on a budget rig and I had to reinstall Windows 7, kept getting I/O errors on boot. Thats the only time Windows update screwed me over so I had to do it manually.

You shouldn't be having problems with Windows Update any more. MS fixed a lot of the problems with it (incomplete update installations, shitty updates that kill your install), if an update does fail at any point during install now it rolls back to before the update, and works normally. Any problems caused are either due to hardware failure, an external piece of software interfering, or a genuinely broken update (hasn't been one for a while).

[QUOTE=zzaacckk;35895781]Why is everyone in a panic about updating? You are only vulnerable to this exploit if you have remote desktop (RDP) enabled, which most home machines shouldn't.[/QUOTE] oh fuck EDIT: there bam problem solved :v:

I've never had a problem with Windows Update, at all, with Vista or 7. WinXP on the other hand has given me so much grief with updates. I remember when Zonealarm firewall caused a BSoD when it was installed at the same time as a certain XP patch. And since I had Zonealarm installed on the pc's of about a dozen family members... Yeah, that was a fun week. The only problem I've had with my pc recently was Accidentally having two anti-virus programs installed (Avast and MSE) causing a HDD deadlock on read operations (well documented issue, thankfully).