Microsoft’s May Patch Day will likely include many patches that prevent attackers from leveraging malicious Office documents.
According to May’s advanced notification post, Microsoft plans to release several security bulletins next Tuesday, fixing 23 flaws affecting Windows, Office, the .NET Framework, and Silverlight. Microsoft rates three of these bulletins as Critical.
In a nutshell, this month’s Patch Day looks fairly average. If forced to pick a theme, I’d say next week’s update leans towards Office-centric patches. At least two of the bulletins will probably fix Word and Excel document parsing flaws, which attackers could leverage to hijack your computer. While this month’s Patch Day won’t break any records, you’ll still want to download test and deploy Microsoft’s Critical updates as soon as you can, since they often allow remote attackers to gain full control or your machine.
I’ll know more about Microsoft’s May Update, and will post detailed information here on Tuesday, May 8th. — Corey Nachreiner, CISSP (@SecAdept)
Leave a Reply