Two critical updates from Microsoft next week

Stephen Withers
Friday, 07 May 2010 10:07

Business IT - Security

Microsoft will patch critical vulnerabilities in Windows and Office this month, but a fix for the SharePoint cross-site scripting vulnerability isn't ready yet.

Patch Tuesday is fast approaching again, and Microsoft has warned that there will be two critical bulletins, one for Windows and the other for Office.

The Windows update is rated critical for Windows 2000, XP, Vista and Server 2008, but only important for Windows 7 and Server 2008 R2 as they are not vulnerable to the issue (whatever it is) in their default configurations.

The Office bulletin relates to Visual Basic for Applications. It is rated critical for Visual Basic for Applications itself and the Visual Basic for Applications SDK, but only important for Office XP, 2003 and 2007.

"We recommend that customers prepare for the testing and deployment of both bulletins as soon as possible," said Jerry Bryant, group manager, response communications at the Microsoft Security Response Center.

As usual, Microsoft will also release updated versions of the Malicious Software Removal Tool and the Windows Mail Junk E-mail Filter.

Microsoft continues to warn customers that all support for Windows 2000 and XP SP2 ends on July 13, and recommends they upgrade to a more recent operating system or at least XP SP3.