MS12-034 – Critical : Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578) – Version: 1.4
Revision Note: V1.4 (July 31, 2012): Bulletin revised to announce a detection change in the Windows Vista packages for KB2676562 to correct a Windows Update reoffering issue. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves three publicly disclosed vulnerabilities and seven privately reported vulnerabilities in Microsoft Office, Microsoft Windows, the Microsoft .NET Framework, and Microsoft Silverlight. The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a malicious webpage that embeds TrueType font files. An attacker would have no way to force users to visit a malicious website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website.