Hello,

Have you ever wondered why bulletins group particular issues together? Or one set of products and not another? Well today Jonathan Ness has posted an insightful Security Research & Defense (SRD) blog discussing some of the nuances and packaging decisions that went into MS12-034. This is a particularly interesting case to dive into and will give readers a better appreciation for the bulletin management process here at Microsoft.

For Update Tuesday we’re releasing seven security bulletins – three Critical-class and four Important – addressing 23 issues in Microsoft Windows, Office, Silverlight, and the .NET Framework. Customers should plan to install all of these updates as soon as possible. For those who must prioritize deployment, we recommend focusing on the following two critical updates first:

  • MS12-034 (Microsoft Office, Windows, .NET Framework, and Silverlight): This security update addresses 10 issues affecting a cross section from Microsoft Windows , Office, Silverlight, and the Microsoft .NET Framework. The maximum severity for these issues is Critical and could result in remote code execution. To ensure protection all updates from this bulletin must be applied. We recommend that customers read through the bulletin information concerning MS12-034 and apply it as soon as possible.
  • MS12-029 (Microsoft Word): This security update addresses one Critical issue affecting Microsoft Office that could result in remote code execution. Attack vectors for this issue include maliciously crafted websites and email. We recommend that customers read through the bulletin information concerning MS12-029 and apply it as soon as possible.

Please watch the video below for details about this month's bulletins:

As always, we recommend that customers deploy all security updates as soon as possible. Below is our deployment priority guidance to further assist customers in their deployment planning (click for larger view).

Deployment Priority

Our risk and impact graph shows an aggregate view of this month's severity and exploitability index (click for larger view).

Exploitability Index

You can find more information about this month's security updates on the Microsoft Security Bulletin Summary web page.

Per our usual process, we’ll offer the monthly technical webcast on Wednesday, hosted by Pete Voss and Dustin Childs. I invite you to tune in and learn more about the May security bulletins, as well as other announcements made today. The webcast is scheduled for Wednesday, May 9, at 11 A.M. PDT. Click here to register.

Thanks,
Yunsun Wee
Director
Microsoft Trustworthy Computing