14 DAY TRIAL // Slow month for Microsoft, patch-wise, with just two security bulletins available in May 2011, designed to plug only three holes in Windows and Office.
As revealed in the Advanced Notification that the software giant made public last week, only one of the two patch packages this month carries a rating of Critical.
Obviously, Microsoft Security Bulletin MS11-035 is also considered a priority as far as deployment goes, but customers should consider deploying all the May 2011 security updates as soon as possible in order to render useless any potential exploits.
“MS11-035 (WINS or Windows Internet Name Server): This security update resolves a privately reported vulnerability in the Windows Internet Name Service (WINS),” reveals Pete Voss, Sr. Response Communications Manager Microsoft Trustworthy Computing.
“The vulnerability could allow remote code execution if a user received specially crafted malware on an affected system running the WINS service. By default, WINS is not installed on any affected operating system. Only customers who manually install this component are affected by this issue and will be offered the update.”
The remaining security bulletin, MS11-036 fixes a couple of vulnerabilities in PowerPoint, but despite the fact that it allows for remote code execution, it has been rated only Important in terms of the risks that customers are exposed to.
“The vulnerabilities could allow remote code execution if a user opens a specially crafted malicious PowerPoint file. An attacker who successfully exploited either of these vulnerabilities could gain the same user rights as a logged-on user,” Voss stated.
“Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”
Customers running Windows 7 SP1 or Office 2010 will not have to deploy any security patches this month, since neither of the two security bulletins released by Microsoft this week impacts their products.