Microsoft has released their advance notification for the May 2014 Patch Tuesday updates. There will be a total of eight updates issued next Tuesday, May 13, two of them rated critical.
This is the first Patch Tuesday since the end of support for Windows XP and Office 2003. Even though Microsoft provided an update one week ago for all Windows versions, including Windows XP, they do not plan to make any such accommodations this time.
Bulletin one, which will be released as MS14-022, is a remote code execution vulnerability for Microsoft Windows, specifically involving Internet Explorer. It is listed as critical for all client versions of Windows from Windows Vista through Windows 8.1 and moderate for all Windows Server versions. In such cases it is inevitable that the bug will be critical on Windows XP as well, but XP is not listed as among the products to be updated.
The other critical bulletin, Bulletin two (MS14-023), addresses at least one critical vulnerability in SharePoint Server 2007, 2010 and 2013.
Bulletins three and eight affect all supported versions of Microsoft Office: 2007, 2010 and 2013, both x86 and ARM, and are rated Important for all platforms. Office 2003, which also reached its end of support last month, is not listed as being scheduled to receive an update.
The other four bulletins and updates all affect Microsoft Windows and are rated Important. Based on the other products affected it would appear that Windows XP will be affected by bulletins four, five and six, but not seven.
As is usually the case, Microsoft will also release a new version of the Windows Malicious Software Removal Tool and a large collection of non-security updates to various Windows versions.
Dustin Childs, Group Manager for Microsoft Trustworthy Computing did not address the XP/Office 2003 issues in his blog announcing the advance notification.
Source : zdnet
This is the first Patch Tuesday since the end of support for Windows XP and Office 2003. Even though Microsoft provided an update one week ago for all Windows versions, including Windows XP, they do not plan to make any such accommodations this time.
Bulletin one, which will be released as MS14-022, is a remote code execution vulnerability for Microsoft Windows, specifically involving Internet Explorer. It is listed as critical for all client versions of Windows from Windows Vista through Windows 8.1 and moderate for all Windows Server versions. In such cases it is inevitable that the bug will be critical on Windows XP as well, but XP is not listed as among the products to be updated.
The other critical bulletin, Bulletin two (MS14-023), addresses at least one critical vulnerability in SharePoint Server 2007, 2010 and 2013.
Bulletins three and eight affect all supported versions of Microsoft Office: 2007, 2010 and 2013, both x86 and ARM, and are rated Important for all platforms. Office 2003, which also reached its end of support last month, is not listed as being scheduled to receive an update.
The other four bulletins and updates all affect Microsoft Windows and are rated Important. Based on the other products affected it would appear that Windows XP will be affected by bulletins four, five and six, but not seven.
As is usually the case, Microsoft will also release a new version of the Windows Malicious Software Removal Tool and a large collection of non-security updates to various Windows versions.
Dustin Childs, Group Manager for Microsoft Trustworthy Computing did not address the XP/Office 2003 issues in his blog announcing the advance notification.
Source : zdnet