This Tuesday Microsoft will issue two bulletins aimed at fixing vulnerabilities to address critical vulnerabilities in Windows, Offices, and Visual basic for Applications.
May 9, 2010
This Tuesday Microsoft will issue two bulletins aimed at fixing vulnerabilities to address critical vulnerabilities in Windows, Offices, and Visual basic for Applications.This Tuesday Microsoft will issue two bulletins aimed at fixing vulnerabilities to address critical vulnerabilities in Windows, Offices, and Visual basic for Applications.
The vulnerabilities could leave users open to what's known as remote code execution. That's security geek speak that means attacks can launch attacks against systems and inject code from across networks and the Internet.
Fortunately, the May patch of patches won't come anywhere near the more than 20 patches the software maker published last month. The updates in the bulletins, according to Microsoft's advance notice, won't be entirely smooth as they'll likely require a system reboot to take affect.
What's most newsworthy in this month's Patch Tuesday is what's not being published: a patch for the cross-site scripting flaw that makes Office SharePoint 2007 and Windows SharePoint Services 3.0 vulnerable to attack. From the Microsoft Security Response Center (MSRC):
"Concerning the recent Security Advisory for SharePoint, 983438, we will not be releasing an update for that with the May bulletins. Our teams are still working on an update for that issue. In the meantime, we recommend customers review the advisory and apply the workarounds."
Details on how to mitigate risk created by the SharePoint flaw is available here.
For security, technology, and business observations throughout the day, consider following me on Twitter.
About the Author(s)
You May Also Like
The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024