Microsoft will release three critical patches on Patch Tuesday tomorrow to fix remote code execution flaws in Office, Windows, the .NET Framework and Silverlight. Four other patches were rated as important and would fix remote code execution flaws in Office and elevation of privilege vulnerabilities in Windows. According to Microsoft Security Bulletin Advance Notification for May 2012 published on May 3, 2012, Microsoft is going to patch 23 security holes present in all versions of their flagship operating system Microsoft Windows (including the newest Windows 7 and Windows Server 2008 R2), their productivity suite Microsoft Office, Microsoft Silverlight, and Microsoft .NET Framework.
Qualys CTO said Wolfgang Kandek the bulletins would be the highest-priority for IT admins. “Bulletin one also affects Office for the Macintosh, but is rated only important on that platform, Bulletins four and five will also cover Office, and while they are ranked as important, they provide fixes for remote code execution vulnerabilities. They should be considered a high priority as bulletin four affects the free Excel viewer and bulletin five the free Visio viewer, giving us a clue as to what file formats contain the weaknesses.”
Microsoft expects to ship the patches by 1:00 PM Eastern on Tuesday May 8, 2012. Microsoft as usual will also host a webcast to address customer questions on the security bulletins on May 9, 2012, at 11:00 AM Pacific Time (US & Canada).