Both updates repair two critical vulnerabilities — one affecting Windows and the other in Microsoft Office — which can leave users susceptible to remote code execution attacks.
The patch will also be available to both Windows 7 and Windows Server 2008, although neither are affected by the critical vulnerabilities addressed in the May patch.
Microsoft, however, will not be releasing a patch this month for a recently detected security flaw in its Sharepoint Server and SharePoint Service.
“Our teams are still working on an update for that issue,” said Jerry Bryant, Microsoft group manager for response communications, in a company blog post. Microsoft released an advisory at the end of April warning users of a vulnerability in Windows SharePoint Service 3.0 and Microsoft Office SharePoint Server 2007, given the slightly less severe ranking of “important,” which could potentially enable a hacker to infiltrate an organization’s system to access and steal sensitive information such as intellectual property and customer data. Microsoft anticipates a fix for the SharePoint flaw in June, which will likely to be included in the regularly scheduled update cycle.
Until Microsoft releases a fix for the SharePoint flaw, the company recommends that users apply the suggested workarounds, which includes getting an administrator to restrict access to the SharePoint Help.aspx in order to prevent an attack through this vector.
Bryant advised users to start preparing for the testing and deployment of both critical security bulletins “as soon as possible,” before the patches became available on May 11.
Bryant also reiterated to customers that Microsoft will eliminate support for Windows 2000 and Windows XP SP2 starting July 13, recommending that they should upgrade to either a supported operating system or the latest service pack in order to keep receiving security updates.