May Microsoft Patch Tuesday
Microsoft has announced two new patches today to fix vulnerabilities that could allow remote code execution. Both patches are rated Critical by Microsoft and affect Microsoft Windows and Microsoft Office. Gladiator recommends that users with impacted systems apply both Critical patches. Detailed information for the patches can be found in Microsoft’s May Security Bulletin. 
Summary information is included below:
- Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution (978542) MS10-030 – This update fixes a privately-reported remote code execution vulnerability in Outlook Express, Windows Mail and Windows Live Mail. This vulnerability is rated Critical. This vulnerability is triggered by a victim connecting to a malicious email server.
- Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (978213) MS10-031 – This update fixes a privately-reported remote code execution vulnerability in Microsoft Visual Basic for Applications. This vulnerability is rated Critical for Microsoft Office and Microsoft Visual Basic for Applications. Attackers can exploit this vulnerability by passing a maliciously-crafted file to a vulnerable system. This file must be opened by a host application that passes it to the vulnerable Visual Basic for Applications runtime. Vulnerable applications include Microsoft Office XP and 2003 with Service Pack 3.
Gladiator recommends that users patch their systems during their normal patch window.
Related Links:
- Microsoft Security Bulletin (http://www.microsoft.com/technet/security/bulletin/ms10-may.mspx)
- SANS ISC Diary Entry (http://isc.sans.org/diary.html?storyid=8776)