STE WILLIAMS

It’ll be all hands to the pumps in IT departments around the globe as Microsoft has issued this month’s round of patches. There are 23 flaws to be fixed.

The seven patches include three critical issues, affecting Microsoft Windows, Office, Silverlight, and the .NET Framework. One patch, MS12-034, is specifically aimed at fixing possible attack vectors for the Duqu malware that Redmond initially blocked in December. It sorts ten flaws, some of which are publicly disclosed.

“Duqu is no longer able to exploit that vulnerability after applying the security update. However, we wanted to be sure to address the vulnerable code wherever it appeared across the Microsoft code base,” blogged Jonathan Ness from Microsoft’s security research center engineering team.

“To that end, we have been working with Microsoft Research to develop a ‘Cloned Code Detection’ system that we can run for every MSRC case to find any instance of the vulnerable code in any shipping product.”

Microsoft’s second highest priority if a critical flaw in Word that allows remote code execution from malware accessed via email and websites. One exploit is in the wild but doesn’t give admin access, and Office 2010 users don’t need to fix this. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2012/05/09/microsoft_patch_tuesday_23/