In keeping with its customary schedule, Microsoft today released its monthly set of security bulletins and associated patches. This month’s release was relatively light, with three bulletins. One, rated Critical, affecting server versions of Windows (Server 2003, Server 2008, and Server 2008 Release 2); the other two, rated Important, affect Microsoft Office components. More details, and download links, are in the Security Bulletin Summary for May 2011.
The Windows fix is to a component called Windows Internet Name Service [WINS] which, according to Microsoft, is not installed by default, so you may not need this update [MS11-035]; it does not apply to client systems in any case. The Office fixes apply to PowerPoint, and to Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats. Mac users should note that the vulnerability also exists in Mac versions of the software; however, Microsoft says in a footnote:
The security updates for Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, and Open XML File Format Converter for Mac are unavailable at this time.
It is somewhat difficult to know what to make of this, and there is no indication of when a patch might be released. If you are a Mac user, I’d suggest keeping an eye on the Security Bulletin Summary for status updates.
The folks at the SANS Internet Storm Center have posted their own summary of this month’s bulletins, with their severity ratings.
As always, I recommend installing these updates as soon as you conveniently can.