News

Microsoft To Deliver Two Security Fixes on Tuesday

Microsoft's security update coming next Tuesday looks to be light, with one "critical" item and one "important" item expected.

The May patch will be light relative to last month's bundle, at least. As with almost all monthly patch releases from Microsoft, the predominant risk expected to be addressed in this month's security update will be remote code execution (RCE). The two bulletins in the May patch both address this vulnerability.

The critical item in the patch will address RCE vulnerabilities in Windows Server 2003 and 2008.

The important item will be designed to plug an RCE security concern with PowerPoint in Microsoft Office. Office XP, Office 2003 and 2007, and Office 2004 and 2008 are among the affected versions.

"While the light patch load for May will be disruptive, it isn't out of the ordinary. What we do need to worry about is that in light of recent mega-breaches, we are obviously not getting it right when it comes to protecting ourselves," said Paul Henry, security and forensic analyst at Lumension. "People need to reevaluate their security infrastructure and perhaps even their priorities."

IT pros could take advantage of the light load this month by checking out this Microsoft Knowledge Base article. It describes nonsecurity patching being delivered through Microsoft's client update services and Windows Server Update Services.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Microsoft Adding Google G Suite Migration in Exchange Admin Center

    Microsoft's Exchange Admin Center will be getting the ability to move Google G Suite calendar, contacts and e-mail data over to the Office 365 service "in the coming weeks."

  • Qualcomm Back in Datacenter Fray with AI Chip

    The chip maker joins a crowded field of vendors that are designing silicon for processing AI inference workloads in the datacenter.

  • Microsoft To Ship Surface Hub 2S Conference Device in June

    Microsoft on Wednesday announced a June U.S. ship date for one of its Surface Hub 2S conferencing room products, plus a couple of other product milestones.

  • Kaspersky Lab Nabs Another Windows Zero-Day

    Kaspersky Lab this week described more about a zero-day Windows vulnerability (CVE-2019-0859) that its researchers recently discovered, and how PowerShell was used by the exploit.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.