Coming May 11, Tuesday, Microsoft will be releasing its monthly patch updates, and last Thursday, the company released an advance notification in its Microsoft TechNet site for the updates. Note that these advanced notifications aim to allow Microsoft users to make deployment plans ahead of time. It commonly contains a summary of the security updates or patches, certain software they affect, and severity levels of the covered vulnerabilities for a particular month.
For the month of May, Microsoft informed its users that two security bulletins, with the maximum severity rating of Critical, will be released. Such a rating means that, once exploited, the vulnerabilities covered in the bulletins could enable the propagation of malware over the Internet without user involvement. Since Microsoft can issue proper bulletin identifiers (in the familiar MSyy-xxx format) only every Patch Tuesday release, let us simply call the bulletins Bulletin 1 and Bulletin 2.
Bulletin 1 affects the following Microsoft Windows operating systems:
- Windows 2000
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
- Windows Server 2008 R2
On the other hand, Bulletin 2 affects Microsoft Office Suites and Microsoft Visual Basic for Applications.
Note, however, that the recently released advisory regarding a Microsoft SharePoint vulnerability will not be covered in the Tuesday release. Despite this, Trend Micro Deep Security™ and Trend Micro OfficeScan™ already protect business users against this particular vulnerability via the Intrusion Defense Firewall (IDF) plug-in if their systems are updated with the IDF rule numbers 1000552 and 1004130. Note that the former rule number had been released initially on July 2006 and updated continuously since then while the later was set to be released on May 11.