Microsoft Gives IT Admins a Break for May Patch Tuesday
By Tony Bradley, PCWorld
Microsoft is only planning to release two new security bulletins for the May Patch Tuesday next week. The exceptionally light load is a welcome reprieve for IT admins who are still struggling to test and implement the record onlsaught of security bulletins and updates from the April Patch Tuesday.
Wolfgang Kandek, CTO of Qualys, explains in a blog post that not only are there only two security bulletins this month, but the vulnerabilities have limited scope as well. “The first bulletin is rated critical for Windows, but is applicable only to Windows 2003 and 2008. The second bulletin is for Microsoft Office and is rated important and applies to Office XP, 2003, 2007 and 2004 for Mac.”
Kandek also notes, however, that its not an accident that the latest versions of the Windows operating system, as well as the current Microsoft Office for both Windows and Mac OS X are not impacted by these flaws.
Andrew Storms, director of security operations for nCircle, points out, “Considering all the concerns security experts have with Adobe, Sony, Epsilon, and Apple right now, a light Microsoft month is more than good news.”
Along the same vein as Kandek’s observation about the current versions of Microsoft software being less vulnerable to, or affected by flaws, Microsoft is introducing a modified exploit index rating system this month. The new system separates the exploit index rating of the latest platform and software releases from the legacy versions.
Storms says, “The new rating system provides users with maximum visibility into the relative safety of the newest products.”
Check back next Tuesday for more detailed analysis of the Microsoft Patch Tuesday security bulletins and updates once they are released.