Microsoft (NSDQ:MSFT) is anticipating a light patch load for its May release on Tuesday, repairing just three vulnerabilities in two updates affecting Windows and Microsoft Office. The first bulletin, designated with the highest severity ranking of "critical," plugs just one security hole in Microsoft Windows. A security bug rated as "critical" often indicates that the vulnerability can be exploited remotely with malicious code, usually with little or no user intervention required. Affected Windows and Office components will be disclosed in Microsoft's official patch release Tuesday.
The second bulletin, given the slightly less severe ranking of "important," repairs two vulnerabilities in Microsoft Office, one of which also enables remote code execution. However, both patches could cause some disruption to the workday as both may require a restart. The light May security bulletin follows on the heels of a massive April patch, which featured 17 bulletins repairing a total of 64 vulnerabilities.
Microsoft is slated to release its latest security updates Tuesday, May 10. However, some experts contend that this month's updates are not particularly out of the ordinary. Paul Henry, security and forensic analyst for security firm Lumension, said that users should be more worried about protecting passwords and enhancing internal security infrastructure in order to reduce the risk of a cyber attack.
"While the light patch load for May will be disruptive, it isn’t out of the ordinary," Henry said in an e-mail. "What we do need to worry about is that in light of recent mega-breaches, we are obviously not getting it right when it comes to protecting ourselves. People need to re-evaluate their security infrastructure and perhaps even their priorities."
Henry said that in many of the recent high-profile breaches -- against companies such as Sony and Amazon (NSDQ:AMZN), for example -- user credentials were seen being distributed over the Internet, rendering victims' passwords useless.
"We need to make certain we have other layered security to prevent unauthorized persons downloading and running malicious software in the environment," he said. "No one is immune to attack.