Today, Microsoft released two patches in the May 2011 security bulletin. This continues the cycle of smaller and larger patches on alternate months.
MS11-035 is rated as critical and affects the WINS component of Windows 2003 and 2008 server operating systems. WINS (like DNS) is a name resolution service. WINS resolves names in the NetBIOS namespace (like DNS which resolves names in the DNS domain). WINS is not enabled by default in Windows 2003 and 2008, but server administrators who have it enabled should apply the patch immediately as attackers could remotely cause a denial of service. The exploitability index is 2 which imply that remote code execution is not likely but denial of service is possible.
MS11-036 affects Microsoft Office Power Point and is rated important. As it happened before on several occasions, users of the new Office 2010 for both Windows and Mac OS X are not affected by the vulnerability. Older versions like Office XP, 2003, 2007 and 2004 for Mac are affected. Using this vulnerability, an attacker could take full control of the target machine if a victim opens a malicious power point document.
The two patches released today came with the new and improved exploitability index rating that was announced by Microsoft last week. The original exploitability index is now split into a rating for the most recent version of the software, and an aggregate rating for all older versions. For example in MS11-036, which is an Office bulletin, the latest versions, both Office 2010 and Office 2011 for Mac were not affected. Therefore the exploitability rating for the latest version is 'Not Affected' and for older platforms is 2. This new system more accurately reflects risk to customers that keep their environments updated with the latest product releases.
Today’s release provided a breather for administrators so they can brace themselves for a larger update next month.