After April's Patch Tuesday with 17 security bulletins, IT administrators will be glad to hear that Microsoft is planning for a much quieter Patch Tuesday in May. Microsoft intends to release two security bulletins to fix vulnerabilities in Windows Server and Office.
As usual, Microsoft does not go into great detail in its Advance Notification Service. Nevertheless, some key tidbits have been provided to prepare IT administrators for Patch Tuesday. This month Microsoft will patch a Critical vulnerability in Windows, and two vulnerabilities in Microsoft Office rated Important. The Windows vulnerability only affects the Server editions including Windows Server 2003, Server 2008, and Server 2008 R2.
Microsoft also released new guidance for their Exploitability Index. Starting in May, the Exploitability Index will become more comprehensive and will help customers prioritize bulletins with an emphasis on more recent platforms. Microsoft has provided further details in a separate MSRC blog post.
The security bulletins will be released on May 10 at 10am PDT with a technical webcast planned for May 11 at 11am PDT. As always, patches should always be tested before being deployed in an office or corporate environment to prevent any downtime for users. System Restore points will also allow for quick recovery in case of a faulty patch. There is always the possibility that patches may be reissued by Microsoft as we recently saw last month.