14 DAY TRIAL // Microsoft plans to launch just two security bulletins next week on May 11, 2010, designed to patch vulnerabilities impacting various releases of the company’s main cash cows. According to the advance notification information provided by the Redmond company, next week’s updates will patch just two security flaws impacting Windows and Office, respectively. Jerry Bryant, group manager, Response Communications, revealed that the latest versions of Windows client and server were not vulnerable in their default configuration. In the same manner, the latest Office System release does not contain the vulnerable code resolved in the company’s upcoming patch cycle.
On “May 11, we will release two Critical bulletins addressing two vulnerabilities - one in Windows and one in Office. Windows 7 and Windows Server 2008 R2 customers will be offered the Windows related update but they are not vulnerable in their default configurations. More information on this will be provided on Tuesday,” Bryant stated.
Office 2010 was released to manufacturing on April 15th, 2010 and is already being run by a variety of customers, including MSDN and TechNet subscribers. Ahead of RTM, the Redmond company would have patched only Critical vulnerabilities in the productivity suite. In this context, the fact that no patches target Office 2010 RTM specifically means that the product is not affected by the vulnerability scheduled for patching next week, unlike Office XP, Office 2003, and Office 2007.
“Concerning the recent Security Advisory for SharePoint, 983438, we will not be releasing an update for that with the May bulletins. Our teams are still working on an update for that issue. In the meantime, we recommend customers review the advisory and apply the workarounds,” Bryant added. “We recommend that customers prepare for the testing and deployment of both bulletins as soon as possible.”