Microsoft has released two new security bulletins in the May 2011 edition of Patch Tuesday. These two bulletins address three vulnerabilities where none of the vulnerabilities are publicly known.
The security bulletin that administrators should look at patching first is MS11-035. This security bulletin affects the WINS service on all supported Microsoft server products (Windows 2003 and 2008). An attacker sending specially crafted to a Windows Server running WINS could result in remote code execution.
The second bulletin (MS11-036) affects older versions of the Microsoft PowerPoint product. Opening a malicious PowerPoint document could lead to remote code execution.
With this being a lighter patch month, administrators should take this chance to catch up from last month’s massive Patch Tuesday. In addition, there were multiple vendors releasing critical security bulletins.
Earlier this month, Adobe released updates to their Adobe Reader, Acrobat, Flash and Air products. The security update addressed a critical vulnerability that had reports of being exploited in the wild. Apple also updated their Apple iTunes addressing two vulnerabilities.
I will be going over the May 2011 patch Tuesday in depth with our monthly patch Tuesday webinar. You can register to attend it here.
– Jason Miller