Microsoft on Tuesday issued seven security bulletins to address 23 vulnerabilities in its products. Redmond rated eight of those vulnerabilities critical, four are rated important -- and one of them is causing IT admins plenty of confusion.
"The remote code-execution vulnerability used against Microsoft Office, Windows and .NET Framework tie back to the TTF vulnerability used by Duqu," said Joseph Chen, engineering director of Security Technology and Response at Symantec. "We recently found a new Duqu sample showing that the threat is still active. Microsoft has provided some further patching, in addition to the already issued patch for the used vulnerability at the end of 2011."
Symantec also reports a much larger patch of vulnerabilities affecting Microsoft Excel. Chen said the patches are rated important rather than critical because the user still gets a prompt to download or open the malicious content instead of being infected automatically, but the vulnerabilities could still be used in a targeted attack.
"The .NET vulnerabilities are also prominent in this month's patches," Chen said. "Exploits for this vulnerability are likely to be hosted as drive-by downloads on maliciously created or otherwise compromised Web sites. So, as always we strongly advise avoiding sites of unknown or questionable integrity, to protect from attacks seeking to use these security holes."
The Confusion Factor
We caught up with Andrew Storms, director of security operations at nCircle, to get his thoughts on the latest round of patches. He told us May offers a mixed bag of bulletins and MS12-034 stands out for its confusion factor.
"This bulletin affects a hodgepodge of products including Windows, .NET, Silverlight and Office, and dissecting its contents has the potential to make IT security teams' heads explode," Storms said. "The core of this bug fix is related to the vulnerabilities leveraged by Duqu -- a problem Microsoft fixed last year -- so this bulletin also replaces a half-dozen previously released bulletins. This is going to give the patch management folks some serious heartburn."
Evidently, Storms said, Microsoft discovered that the same bits of bad code that were fixed in MS11-087 last year were copied and pasted into other applications and they needed to fix those, too. Since other changes were pending for those applications, he noted, all kinds of other bug fixes not related to Duqu are bundled into this bulletin.
"Microsoft's careful due diligence and adherence to their strict update processes may end up causing more confusion than clarity with this fix," Storms said. "It's probably best not to spend too much time analyzing -- just install the patch as soon as you can, and then move on."