After a record-breaking number of security bulletins and vulnerabilities addressed and patched last month, this month"s Patch Tuesday is silent in comparison. In this month"s advanced security notification published by Microsoft, only two security bulletins are published. Patch Tuesday occurs on the second Tuesday of a month for all of Microsoft"s software products, although out-of-band updates can happen in the weeks following Patch Tuesday, as was the case in April.
The bulletin for Microsoft Office is labelled "important" and covers currently supported versions of Microsoft Office except for 2010 and 2011. The bulletin for Windows is labelled "critical" and covers only Windows Server. The two security bulletins address vulnerabilities allowing for remote code execution.
Starting from May 2011, Microsoft will be making changes to its Exploitability Index listed in security notifications. The changes are explained in this blog post from the Microsoft Security Response Center.
Currently, there are no updates planned this Tuesday for consumer versions of Windows.
Affected products include:
- Windows Server 2003 SP2 (32- and 64-bit)
- Windows Server 2003 for Itanium systems SP2
- Windows Server 2008 and Windows Server 2008 SP2 (32- and 64-bit)
- Windows Server 2008 R2 and Windows Server R2 SP1
- Microsoft Office XP SP3
- Microsoft Office 2003 SP3
- Microsoft Office 2007 SP2
- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
- Open XML File Format Converter for Mac
Some of these updates will require a restart. Affected software includes both 32-bit and 64-bit, where applicable.