News

Microsoft To Deliver Two Security Fixes on Tuesday

Microsoft's security update coming next Tuesday looks to be light, with one "critical" item and one "important" item expected.

The May patch will be light relative to last month's bundle, at least. As with almost all monthly patch releases from Microsoft, the predominant risk expected to be addressed in this month's security update will be remote code execution (RCE). The two bulletins in the May patch both address this vulnerability.

The critical item in the patch will address RCE vulnerabilities in Windows Server 2003 and 2008.

The important item will be designed to plug an RCE security concern with PowerPoint in Microsoft Office. Office XP, Office 2003 and 2007, and Office 2004 and 2008 are among the affected versions.

"While the light patch load for May will be disruptive, it isn't out of the ordinary. What we do need to worry about is that in light of recent mega-breaches, we are obviously not getting it right when it comes to protecting ourselves," said Paul Henry, security and forensic analyst at Lumension. "People need to reevaluate their security infrastructure and perhaps even their priorities."

IT pros could take advantage of the light load this month by checking out this Microsoft Knowledge Base article. It describes nonsecurity patching being delivered through Microsoft's client update services and Windows Server Update Services.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Microsoft Starting To Roll Out New Excel Connected Data Types

    Microsoft on Thursday announced some Excel and Power BI enhancements that add "connected data types" on top of the standard strings and numbers options.

  • Windows 10 Users Getting New Process for Finding Optional Driver Updates

    Accessing Windows 10 drivers classified as "optional updates" will be more of a manual seek-and-install type of experience, starting on Nov. 5, 2020, Microsoft explained in a Wednesday announcement.

  • Microsoft Changes Privacy Platform Name to SmartNoise

    Microsoft Research has changed the name of its "differential privacy" platform from "WhiteNoise" to "SmartNoise," according to a Wednesday announcement.

  • Why Restarting a Failed SCVMM Job Might Be a Bad Idea

    Occasionally, restarting a failed System Center Virtual Machine Manager job can leave your virtualization infrastructure in an unknown state. Here's how to avoid that.

comments powered by Disqus