On the morning of May 9th, Microsoft released 7 security patches globally according to the custom, modifying many dangerous bugs of suites of Windows, Office, .NET Framework, Silver Light, etc. And the bugs of Office can result in the complete control by others.

According to the Microsoft security report, 5 out of the 7 patches are related to the Office suites. The Office bugs are vulnerable enough to let Windows be completed controlled. Hackers can take advantage of the bugs to make some special Word files, when the system with bugs opens the files, the malicious program will be enabled, so that the computer will be completely controlled by hackers.

In the early May, security vulnerability of Adobe Flash was known by the public, which get Office involved, too. Attackers inserted the Flash files with attacking codes in the Office files. If the relevant Adobe Flash Player suites of the attacked computer have not been updated and the DOC file is opened, the attacked computer will be entirely controlled or download the backdoor program designated by the attacker.

7 security bugs of Microsoft Windows, Microsoft Office, .NET Framework and Silver Light will be modified. The operating systems involved are editions ranging from Windows XP to Windows 7. Windows 8 will not be affected at present.

The information of the patches

1. Bugs of Microsoft Word may allow remote code execution

Security bulletin: MS12-029

Knowledge base number: KB2598332, KB2596917

Degree: Serious

Description: this security update eliminates a secret report bug of Microsoft Office. If the user opens a special RTF file, the bug may allow remote code execution. A successful attacker can acquire the same user permission of the current user.

Systems involved: Microsoft Office 2003 Service Pack 3、Microsoft Office 2007 Service Pack 、Microsoft Office 2007 Service Pack 3

2. Bugs in Windows may allow remote code execution

Security bulletin: MS12-030

Knowledge base number: KB2597086、KB2597161、KB2597166、KB2597969、KB2553371、KB2596842

Degree: important

Description: this security update eliminates a disclosed and 5 secret reports bugs of Microsoft Office. If the user opens a special Office file, the bug may allow remote code execution. A successful attacker can acquire the same user permission of the current user.

Systems involved: Full system, Office, Microsoft .NET Framework

3. Bugs of Microsoft Visio Viewer may allow remote code execution

Security bulletin: MS12-031

Knowledge base number: KB2597981

Degree: important

Description: this security update eliminates a secret report bug of Microsoft Office. If the user opens a special Visio file, the bug may allow remote code execution. A successful attacker can acquire the same user permission of the current user.

System involved: Visio2010

4. Bugs of TCP/IP may allow privilege elevation

Security bulletin: MS12-032

Knowledge base number: KB2688338

Degree: important

Description: this security update eliminates a disclosed and a secret report bug of Microsoft Windows. What’s worse, these bugs will allow privilege elevation, if the attacker logs in the system and runs some certain app program.

Systems involved: Windows Vista Service Pack 2、Windows Vista x64 Edition Service Pack 2、Windows 7 for 32-bit Systems、Windows 7 for 32-bit Systems Service Pack 1、Windows 7 for x64-based Systems、Windows 7 for x64-based Systems Service Pack 1

5. Bugs of Windows partition manager may allow privilege elevation

Security bulletin: MS12-033

Knowledge base: KB2690533

Degree: important

Description: this security update eliminates a secret report bug of Microsoft Windows. The bug will allow privilege elevation, if the attacker logs in the system and runs some certain app program.

Systems involved: Windows Vista Service Pack 2、Windows Vista x64 Edition Service Pack 2、Windows 7 for 32-bit Systems、Windows 7 for 32-bit Systems Service Pack 1、Windows 7 for x64-based Systems、Windows 7 for x64-based Systems Service Pack 1

6. United security updates: Office, Microsoft .NET Framework, Silverlight

Security bulletin: MS12-034

Knowledge base number: KB2659262、KB2676562、KB2686509、KB2658846、KB2660649、KB2658846、KB2656407、KB2656409、KB2656410、KB2656411、KB2656405、KB2598253、KB2596672、KB2589337

Degree: serious

Description: this security update eliminates three disclosed and seven secret reports bugs of Microsoft Windows. These bugs will allow remote code execution.

Systems involved: Windows、Office、Microsoft .NET Framework、Silverlight

7. Bugs of .NET Framework will allow remote code execution

Security bulletin: MS12-035

Knowledge base number: KB2604042、KB2604044、KB2604078、KB2604092、KB2604094、KB2604110、KB2604105、KB2604111、KB2604115、KB2604114、KB2604121

Degree: serious

Description: this security update eliminates two security reports bugs of .NET Framework. If the user surf the certain webpage and use the browser, MBAP of XAML browser will be enabled, and the bugs of the client system will allow remote code execution.