The vulnerabilities could leave users open to what's known as remote code execution. That's security geek speak that means attacks can launch attacks against systems and inject code from across networks and the Internet.
Fortunately, the May patch of patches won't come anywhere near the more than 20 patches the software maker published last month. The updates in the bulletins, according to Microsoft's advance notice, won't be entirely smooth as they'll likely require a system reboot to take affect.
What's most newsworthy in this month's Patch Tuesday is what's not being published: a patch for the cross-site scripting flaw that makes Office SharePoint 2007 and Windows SharePoint Services 3.0 vulnerable to attack. From the Microsoft Security Response Center (MSRC):
Concerning the recent Security Advisory for SharePoint, 983438, we will not be releasing an update for that with the May bulletins. Our teams are still working on an update for that issue. In the meantime, we recommend customers review the advisory and apply the workarounds.
Details on how to mitigate risk created by the SharePoint flaw is available here.
For security, technology, and business observations throughout the day, consider following me on Twitter.