Microsoft has a small Patch Tuesday planned for this month, with just two security bulletins addressing a single vulnerability each. Both of the vulnerabilities are rated "Critical," Microsoft's highest severity rating, and could leave users open to remote code execution of malicious software by attackers. According to the company's advance notification, affected software includes Windows, Microsoft Office and Microsoft Visual Basic for Applications.
Microsoft said Windows 7 and Windows Server 2008 R2 customers will be offered the Windows related patch but made it clear that those versions of the operating system are not vulnerable in their default configurations. As usual, an updated version of the Microsoft Windows Malicious Software Removal Tool will be released along the patches, as well as an update to the Windows Mail Junk Mail filter and several non-security updates for Windows' update mechanism.
All in all this was a calm month for Microsoft. In April, the company issued 11 security updates that fixed a total of 25 flaws. We should note however that a recently disclosed SharePoint vulnerability is not one of the vulnerabilities being patched this month, nor is another disclosed in early February that affects all versions of Internet Explorer.