Microsoft To Deliver Two Security Fixes on Tuesday
Microsoft's security update coming next Tuesday looks to be light, with one "critical" item and one "important" item expected.
The May patch will be light relative to last month's bundle, at least. As with almost all monthly patch releases from Microsoft, the predominant risk expected to be addressed in this month's security update will be remote code execution (RCE). The two bulletins in the May patch both address this vulnerability.
The critical item in the patch will address RCE vulnerabilities in Windows Server 2003 and 2008.
The important item will be designed to plug an RCE security concern with PowerPoint in Microsoft Office. Office XP, Office 2003 and 2007, and Office 2004 and 2008 are among the affected versions.
"While the light patch load for May will be disruptive, it isn't out of the ordinary. What we do need to worry about is that in light of recent mega-breaches, we are obviously not getting it right when it comes to protecting ourselves," said Paul Henry, security and forensic analyst at Lumension. "People need to reevaluate their security infrastructure and perhaps even their priorities."
IT pros could take advantage of the light load this month by checking out this Microsoft Knowledge Base article. It describes nonsecurity patching being delivered through Microsoft's client update services and Windows Server Update Services.
Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.