As expected, Microsoft today released its regular monthly batch of security bulletins and associated patches. This month there are ten bulletins, addressing 32 identified vulnerabilities. Two bulletins have a Critical severity rating, and the remaining eight are rated Important. Five of the bulletins are for Windows and its components; every supported version of Windows is affected, and all desktop versions have one or more Critical vulnerabilities.
The remaining five bulletins, all of which are rated Important, apply to other Microsoft software products. There are three bulletins for Microsoft Office and its components (including Word Viewer). Microsoft Lync has one bulletin, and there is one for Windows Essentials.
Microsoft says that three of the Windows bulletins will definitely require a system reboot, and the others may require one, depending on the configuration of your system.
For more detailed information, and download links, please see the Microsoft Security Bulletin Summary for May 2013.
As usual, I recommend applying these patches to your systems as soon as you conveniently can.
The handlers at the SANS Internet Storm Center have posted their usual summary and evaluation of this month’s patches.
Update Tuesday, May 14, 14:40 EDT
According to the folks at the SANS Internet Storm Center, one of these bulletins, MS13-038, which applies to Internet Explorer 8, fixes a vulnerability that is being exploited currently.