May Patch Tuesday: much quieter, but still critical

Stephen Withers
Monday, 09 May 2011 13:44

Business IT - Security

May is shaping up to be a quiet month for systems administrators, at least as far as security patches from Microsoft are concerned. The company is also changing the way it indicates the importance of specific security updates.

Microsoft has pre-announced just two security bulletins this month, a big turnaround from last month's near-record 17 bulletins covering 64 vulnerabilities.

Furthermore, it seems that the Windows update will only be for Server 2003 and 2008 (including R2). This update is classified as critical, and Server Core installations are affected.

On the applications side, the single bulletin will describe an important flaw in PowerPoint and related software. Affected versions are 2002, 2003, 2004, 2007, and 2008, plus the Open XML File Format Converter for Mac and the Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2.

The bulletins are scheduled for release at around 10am on May 10 (US PDT; that's 3am on May 11, AEST).

Microsoft has also announced changes to the Exploitability Index it uses to help administrators prioritise the deployment of security patches. The index ranges from 1 ("consistent exploit code likely") to 3 ("functioning exploit code unlikely").

Find more details on the changes to the Exploitability Index on page 2.