Microsoft released two critical security advisories as part of its May Patch Tuesday. In addition to the advanced notification it released last Thursday, Microsoft has addressed the vulnerabilities with this batch of patches.

MS10-030 deals with a privately reported vulnerability plaguing Outlook Express, Windows Mail, and Windows Live Mail, which can allow remote code execution if a user accesses a malicious email server. An exploit has already been reported targeting this vulnerability. Details on which can be found on this page. This site also describes possible attack scenarios for the said vulnerability.

MS10-031, on the other hand, resolves a vulnerability in the Microsoft Visual Basic for Applications runtime.

Users are thus strongly advised to update their systems as soon as possible, as these vulnerabilities can be used by cybercriminals to create worms and to instigate drive-by download malware attacks on their systems.

Adobe also released fixes for Shockwave Player and vulnerable ColdFusion servers. The former poses as more widespread than the latter with 18 separate vulnerabilities (most of which are “critical”). Though the vulnerabilities in the latter were not as critical, they have been noted to lead to cross-site scripting (XSS) and information disclosure. Users can download the latest Shockwave Player version from the Adobe Shockwave Player installation site while ColdFusion customers can find updates on this Adobe security bulletin page.

Everyone is vulnerable to threats lurking in the Web today. As such, users are strongly encouraged to apply the said patches immediately.

Trend Micro Deep Security and OfficeScan, through the Intrusion Defense Firewall (IDF) plug-in, already protect enterprise users against these vulnerabilities if their systems are updated with the latest Deep Packet Inspection (DPI) and IDF rules, respectively, which were released yesterday (May 11).