|07 May 2010||#1|
| || |
Advance Notification for the May 2010 Security Bulletin
Thursday, May 06, 2010 9:50 AM by MSRCTEAM
Advance Notification for the May 2010 Security Bulletin Release
Today we published our advance notification for the May security bulletin release letting customers know that next Tuesday, May 11, we will release two Critical bulletins addressing two vulnerabilities - one in Windows and one in Office. Windows 7 and Windows Server 2008 R2 customers will be offered the Windows related update but they are not vulnerable in their default configurations. More information on this will be provided on Tuesday.
Concerning the recent Security Advisory for SharePoint, 983438, we will not be releasing an update for that with the May bulletins. Our teams are still working on an update for that issue. In the meantime, we recommend customers review the advisory and apply the workarounds.
On a side note, I want to also continue reminding customers of Windows 2000 and Windows XP SP2 that all support for these platforms will end after July 13, 2010. Customers should upgrade to either a supported operating system or the latest service pack in order to keep receiving security updates.
We recommend that customers prepare for the testing and deployment of both bulletins as soon as possible. Finally, please join Adrian Stone and me for a public webcast next week where we will go in to details about the bulletins and answer questions live on the air. Here’s how to register:
Date: Wednesday May 12
Time: 11:00 a.m. PDT (UTC –8)
The Microsoft Security Response Center (MSRC) : Advance Notification for the May 2010 Security Bulletin Release
|My System Specs|
|12 May 2010||#2|
| || |
UPDATED INFO - Tuesday, May 11, 2010
May 2010 Security Bulletin Release
Today are releasing two security bulletins, MS10-030 and MS10-031 to address two vulnerabilities in Windows and Microsoft Office, both rated Critical. As always, we recommend that customers test and deploy both security updates as soon as possible.
MS10-030 is a Windows-based update resolving one vulnerability affecting Outlook Express, Windows Mail and Windows Live Mail. Windows 2000, XP, Vista, Server 2003, and Server 2008 all have a severity rating of Critical. Windows 7 and Windows Server 2008 R2 are rated Important when an affected mail client is installed. However, neither has a mail client installed by default. To successfully take advantage of this vulnerability, an attacker would either have to host a malicious mail server or compromise a mail server. Or, an attacker could perform a man in the middle attack and attempt to alter responses to the client. Heap mitigations built into Windows Vista and newer operating systems make exploitation of this vulnerability unlikely. Overall, we have rated this 2 on our Exploitability Index and do not expect reliable exploit code to surface in the next 30 days.
MS10-031 addresses one vulnerability in Microsoft Visual Basic for Applications (VBA). This security update is rated Critical for Microsoft VBA SDK 6.0 and third-party applications that use Microsoft VBA. For all supported versions of Office XP, Office 2003 and Office 2007, MS10-031 is rated Important due to the user interaction required in order to successfully exploit this issue. The update addresses the vulnerability by modifying the way VBA searches for ActiveX Controls embedded in documents. This bulletin is also rated a 2 on our Exploitability Index.
The Microsoft Security Response Center (MSRC) : May 2010 Security Bulletin Release
|My System Specs|
|Similar help and support threads for2: Advance Notification for the May 2010 Security Bulletin|
|Security Bulletin Advance Notification for April, 2012||Windows Updates & Activation|
|Security Bulletin Advance Notification for March, 2012||Windows Updates & Activation|
|Security Bulletin Advance Notification for November, 2011||Security News|
|Microsoft Security Bulletin Advance Notification for July 2010||News|
|June 2010 Security Bulletin Advance Notification||News|
|Advance Notification for the May 2010 Security Bulletin||News|
|Microsoft Security Bulletin Advance Notification.......||Windows Updates & Activation|