'Critical' Office Fix To Highlight May Security Update

Microsoft's Patch Tuesday offering this month will feature three "critical" and four "important" bulletin items that will target 23 vulnerabilities.

Microsoft's Security Update will fix issues in Office, Windows, .NET Framework and Silverlight. As with every Advance Notification, details of the actual bulletin items won't be provided until after the patch release.

While the total number of bulletin items released by Microsoft so far this year is low compared with the same timeframe last year, the number of vulnerabilities being addressed is higher. That number is counted in Common Vulnerabilities and Exposures entries, or CVEs.

"CVEs correspond to the number of bugs fixed, and this year Microsoft is on a CVE streak," said Andrew Storms, director of security operations at nCircle. "With the 23 CVEs in May's patch, Microsoft's CVE count has already reached 70 for 2012. This time last year Microsoft issued just 59 CVEs."

A critical remote code execution bulletin for Microsoft Office tops the priority list this month. In fact, remote code execution flaw fixes will account for five of the seven May bulletins. The remaining two, which both fall under the important classification, will deal with elevation-of-privilege issues in Windows.

In other Patch Tuesday-related news, Microsoft announced today that it had found the party responsible for leaking proof-of-concept (PoC) code for an RDP exploit ahead of its bulletin release in March.

"During our investigation into the disclosure of confidential data shared with our Microsoft Active Protections Program (MAPP) partners, we determined that a member of the MAPP program, Hangzhou DPTech Technologies Co., Ltd., had breached our non-disclosure agreement (NDA)," wrote Microsoft in a blog entry. "Microsoft takes breaches of our NDAs very seriously and has removed this partner from the MAPP Program."

Microsoft also said that it is strengthening its patching and disclosure process to prevent an incident like this from happening in the future.

About the Author

Chris Paoli is the site producer for and

