HEAT Security Blog

A Bit of May Madness from Microsoft for May 2012 Patch Tuesday

The disruptive restarts and the wide range of platforms impacted by May’s bulletins will have IT teams scrambling to accomplish their flaw remediation tasks this month. Combine those with the workload from Oracle and others and many security pros may unfortunately not get a break this Memorial Day.

We have 7 bulletins this month: 3 critical and 4 important.

Bulletin       | KB      | Disclosure | Aggregate Severity | Exploit Index | Max Impact | Deployment Priority | Notes
               | 2681578 | Public     | Critical           | 1             | RCE        | 1                   | All updates are required for each affected product.
               | 2680352 | Private    | Critical           | 1             | RCE        | 1                   | Does not affect Office 2010.
               | 2693777 | Private    | Critical           | 1             | RCE        | 2                   | Both MS12-035 and MS12-034 required for NETFX.
               | 2663830 | Public     | Important          | 1             | RCE        | 2                   | Multiple updates per product may be required.
               | 2597981 | Private    | Important          | 1             | RCE        | 2                   | Users should not open attachments from untrusted sources.
Partition Mgr. | 2690533 | Private    | Important          | 1             | EoP        | 3                   | Requires local system access.
               | 2688338 | Public     | Important          | 1             | EoP        | 3                   | Elevation of privileges requires local system access.

The highest priorities this month should be MS12-034 and MS12-029. Those should be followed by MS12-035, MS12-030, MS12-031, MS12-033 and MS12-032.

The most interesting of the patches is MS12-034, which appears to be a deeper dive by Microsoft into correcting TrueType font parsing issues. If you remember, a TrueType font flaw was the issue exploited by the Duqu malware that was a problem last December.

With this Patch Tuesday, Microsoft has also included a killbit update for a Cisco ActiveX control. It’s also interesting to note that last week, Microsoft released a partner from their Microsoft Active Protections Program, or MAPP, for reportedly leaking vulnerability and proof-of-concept information. The firewall/IPS vendor is from China, so honestly, what did Microsoft expect?

Patch Tuesday Issues Outside of Microsoft

According to a Forbes report, an estimated 10,000,000 credit cards were breached at the credit card processor Global Payments sometime between Jan. 21, 2012 and Feb. 25, 2012. The card processor officially puts the number of stolen credit cards much lower, at 1,500,000. Details are still sketchy on how the breach happened, but it doesn’t look good.


Oracle released patches for 88 issues impacting over 35 Oracle products. An apparent misunderstanding by a security researcher reviewing the Oracle patch release has also led to the release of an exploit for a vulnerability that remains unpatched. The vulnerability was originally reported to Oracle as far back as 2008. Upon release of the April CPU, Joxean Koret, the researcher who originally found the vulnerability, came forward with additional details, including a proof-of-concept exploit, fully expecting that a patch was now available. For more:
[1] http://seclists.org/fulldisclosure/2012/Apr/343
[2] http://seclists.org/fulldisclosure/2012/Apr/204


The Apple Flashback malware is reportedly now generating cash for the bad guys: using an ad-hacking scheme, they are getting paid to redirect infected users to alternate destinations. Symantec estimates that, given the size of the botnet, revenues could exceed $10,000 per day. With cyber criminals getting a taste of “the money” from Apple malware, we can safely assume more is on the way.

Another embarrassing Apple issue is an update Apple apparently released 3 months ago that left a debug option enabled in FileVault. This caused user passwords to be written in plain text to a log file outside of the encrypted area. The issue affects FileVault users who upgraded from Snow Leopard (OS X 10.6) to Lion 10.7.3 but did not migrate to FileVault 2. Worse yet for those users who use Time Machine for backups: their passwords may have been repeatedly stored in Time Machine unencrypted. Pending a patch from Apple, Lion users should immediately activate FileVault 2, which can be found in the Security & Privacy setting in System Preferences. Click the FileVault tab to enable.
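As an added illustration of the defensive check this kind of bug calls for (example code written for this post, not code from the original article or from Apple), the scanner below walks a log and reports every line that carries a credential in the clear, flags whether the line came from debug logging, and redacts the secret before reporting so the finding itself does not leak it. The sample log lines, the DEBUGLOG marker and the password=... field format are constructed for the example and do not reproduce Apple's actual log format.

```python
import re
from typing import Dict, List

# Constructed sample log lines for this example; they are NOT real
# secure.log output, and Apple's actual leaked entry format is not
# reproduced here.
SAMPLE_LOG = """\
May 06 02:47:43 mac authorizationhost[245]: DEBUGLOG | mounting home for alice password=Hunter2!
May 06 02:47:44 mac authorizationhost[245]: home directory mounted for alice
May 06 02:48:10 mac loginwindow[91]: USER_PROCESS: 91 console
May 06 02:49:02 mac backupd[530]: Backup completed successfully
May 06 02:50:31 mac authorizationhost[245]: DEBUGLOG | mounting home for bob password=Tr0ub4dor&3
"""

# key=value or key: value forms of a credential field. The secret is
# captured only so it can be redacted; it is never echoed back.
CREDENTIAL_RE = re.compile(
    r"\b(?P<key>password|passwd|passphrase|secret)\s*[=:]\s*(?P<secret>\S+)",
    re.IGNORECASE,
)
# Marker (constructed for this example) for debug logging that should
# never be switched on in a shipped build.
DEBUG_RE = re.compile(r"\bDEBUGLOG\b")


def redact(line: str) -> str:
    """Replace every captured secret in the line with a fixed marker."""
    return CREDENTIAL_RE.sub(lambda m: f"{m.group('key')}=<REDACTED>", line)


def find_credential_leaks(log_text: str) -> List[Dict[str, object]]:
    """Return one finding per log line that carries a credential in the clear."""
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        if not CREDENTIAL_RE.search(line):
            continue
        findings.append(
            {
                "line": lineno,
                "debug_logging": bool(DEBUG_RE.search(line)),
                "redacted": redact(line),
            }
        )
    return findings


def count_debug_lines(log_text: str) -> int:
    """Count lines produced with debug logging on, leak or not."""
    return sum(1 for line in log_text.splitlines() if DEBUG_RE.search(line))


if __name__ == "__main__":
    # Report findings with the secret already redacted.
    for finding in find_credential_leaks(SAMPLE_LOG):
        print(
            f"line {finding['line']}: debug_logging={finding['debug_logging']} "
            f":: {finding['redacted']}"
        )
    print(f"{count_debug_lines(SAMPLE_LOG)} line(s) written with debug logging on")
```

Because the affected log sat outside the encrypted volume and was swept into Time Machine, a scan like this is also worth running against backup copies of the log, not only the live file.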

Apple – Microsoft

Last month we saw Apple QuickTime malware impacting Windows PCs running the Apple software. This period we see Microsoft Office software issues impacting Apple computers. The issue impacts older, unpatched Apple computers. Apparently not promptly installing patches is not an issue exclusive to Microsoft software users.