Qualys Blog

www.qualys.com
wkandek

Patch Tuesday – Preview for May 2010

Following the large April update, Microsoft will have only 2 bulletins to release in May. One of the bulletins is for Windows and is rated "critical" for all members of the family except Windows 7 and 2008R2. On the Win7/2008R2 combo it is rated "important", continuing the consistently better showing of Microsoft’s newer OSs. The second bulletin is for Office, where all versions are affected and it is rated "important"; however, it is rated "critical" for Visual Basic for Applications and its SDK.

Microsoft will not address the recent SharePoint vulnerability (KB983438) and recommends applying the workarounds shown in the advisory, restricting access to the Help functionality in SharePoint.

Last month’s bulletins have seen a fair amount of discussion. Microsoft reissued MS10-025 on April 27 after the initial patch was found to be ineffective. The bulletin only applies to Windows 2000 and is rated "critical", so if it affects your installation, please check whether you have applied the latest version. As support for Windows 2000 (and XP SP2) is being discontinued in the summer, IT admins who still run either of these operating systems should be working on a replacement strategy. Earlier this week, Core Security published 2 advisories concerning MS10-024 and MS10-028, showing that they contained fixes for vulnerabilities not listed in the bulletins. While the inclusion of internally found vulnerabilities is considered normal, Core suggests that the severity for MS10-024 should be upgraded.
