Calling all Microsoft administrators! It’s Microsoft Patch Day, and their security updates are available for download.
You know the drill by now. As they do every second Tuesday of the month, Microsoft has released May’s important security updates. You can find this month’s Patch Day highlights in Microsoft’s summary post, but here’s what you really need to know:
- Microsoft released eight bulletins, two rated Critical and the rest Important.
- The affected products include
- Windows
- Office
- Internet Explorer (IE)
- and Sharepoint Server.
- Attackers are apparently exploiting some of the Windows and IE vulnerabilities in the wild already, in what Microsoft calls “limited, targeted attacks.
- As expected, Windows XP users aren’t getting patches this month (or from hereafter).
In short, if you use any of the affected Microsoft products, you should download, test, and deploy these updates as quickly as you can. You can also let Windows’ Automatic Update do it for you. While I don’t recommend Automatic Update on servers (due to potential patch bugs), I do think you should enable it on your clients computers. As always, concentrate on installing the Critical updates as soon as you can (especially the IE one this month), and handle the others later.
I’ll share more details about today’s patches on the blog throughout the day, though these posts may be slightly delayed due to my participation in WatchGuard’s US Partner Summit. — Corey Nachreiner, CISSP (@SecAdept).