Pair of Security Fixes from Microsoft Due Tuesday

Update expected to address remote code execution problems.

Microsoft's security update due next Tuesday will be "light" when compared to last month's onslaught of patches. One "critical" item and one "important" item are expected.

As with almost all monthly patch releases from Microsoft, the key risk that this month's security update is expected to fix is remote code execution (RCE). Both bulletins in the May patch address this class of vulnerability.

The "critical" item is expected to address RCE vulnerabilities in Windows Server 2003 and 2008.

The "important" fix will be designed to plug an RCE security problem with PowerPoint in Microsoft Office. Office XP, Office 2003 and 2007, and Office 2004 and 2008 are among the affected versions.

"While the light patch load for May will be disruptive, it isn't out of the ordinary. What we do need to worry about is that in light of recent mega-breaches, we are obviously not getting it right when it comes to protecting ourselves," said Paul Henry, security and forensic analyst at Lumension. "People need to reevaluate their security infrastructure and perhaps even their priorities."

IT pros could take advantage of the light load this month by checking out this Microsoft Knowledge Base article. It describes nonsecurity patching being delivered through Microsoft's client update services and Windows Server Update Services.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.