Microsoft To Patch Critical Vulnerabilities
This Tuesday Microsoft will issue two bulletins aimed at fixing vulnerabilities to address critical vulnerabilities in Windows, Offices, and Visual basic for Applications.
May 9, 2010
This Tuesday Microsoft will issue two bulletins aimed at fixing vulnerabilities to address critical vulnerabilities in Windows, Offices, and Visual basic for Applications.This Tuesday Microsoft will issue two bulletins aimed at fixing vulnerabilities to address critical vulnerabilities in Windows, Offices, and Visual basic for Applications.
The vulnerabilities could leave users open to what's known as remote code execution. That's security geek speak that means attacks can launch attacks against systems and inject code from across networks and the Internet.
Fortunately, the May patch of patches won't come anywhere near the more than 20 patches the software maker published last month. The updates in the bulletins, according to Microsoft's advance notice, won't be entirely smooth as they'll likely require a system reboot to take affect.
What's most newsworthy in this month's Patch Tuesday is what's not being published: a patch for the cross-site scripting flaw that makes Office SharePoint 2007 and Windows SharePoint Services 3.0 vulnerable to attack. From the Microsoft Security Response Center (MSRC):
"Concerning the recent Security Advisory for SharePoint, 983438, we will not be releasing an update for that with the May bulletins. Our teams are still working on an update for that issue. In the meantime, we recommend customers review the advisory and apply the workarounds."
Details on how to mitigate risk created by the SharePoint flaw is available here.
For security, technology, and business observations throughout the day, consider following me on Twitter.
About the Author(s)
You May Also Like
Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024Finding Your Way on the Path to Zero Trust
May 22, 2024Extending Access Management: Securing Access for all Identities, Devices, and Applications
June 4, 2024Assessing Software Supply Chain Risk
June 6, 2024Preventing Attackers From Wandering Through Your Enterprise Infrastructure
June 19, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024