May's Patch Tuesday to address vulnerabilities in Windows, Office
The upcoming Patch Tuesday, scheduled for May 8, will include seven security bulletins addressing a total of 23 vulnerabilities. Three of these bulletins have been tagged as "critical," while the rest are considered "important." Of the latter category, two bulletins address vulnerabilities that could allow remote code execution, and the remaining two address vulnerabilities that could allow elevation of privilege.
All versions of Windows are affected by the bulletins, as are Microsoft (NASDAQ: MSFT) Office on Windows and Mac OS X, and Microsoft Silverlight. Given the severity, businesses should install the patches as soon as possible and should be prepared for a disruptive system restart before installation is complete.
Wolfgang Kandek, CTO of Qualys, wrote in an email message that May's bulletins bring the tally of bulletins released by Microsoft to 35, which is roughly on par with last year's 36. Kandek observed, however, that the bulletins this year were "received at a much steadier rate fluctuating between 6 and 9 so far," compared with the "much stronger differences ranging from 2 to 17" last year.
This is good news for system and security administrators, who should find it easier to work with a more or less consistent number of patches each month, rather than alternating between lulls in some months and large spikes in others.
Microsoft this week also released the results of its investigation into a damaging leak of proof-of-concept code and vulnerability information originating from the company's Microsoft Active Protection Program. In a terse entry posted on the company's Security Response Center blog, Microsoft announced that it has determined that Hangzhou DPTech Technologies Co., Ltd breached Microsoft's nondisclosure agreement and has been removed as a MAPP partner.
- check out this article at eWeek