In a welcome change after the huge update in April, Microsoft is scheduled to release two security bulletins on Tuesday, May 10. The first addresses a critical vulnerability in Windows. The second, identified as Important, addresses two vulnerabilities in Microsoft Office. Both bulletins relate to remote code execution.
As explained in Exploitability Index Improvements Now Offer Additional Guidance:
"As of this month, we will split out the Exploitability Index into a rating for the most recent version of the software, and an aggregate rating for all older versions. In the scenario above, the rating for Windows 7 could be '2' whereas the rating for all other platforms would be '1'. This more accurately reflects risk to customers that keep their environment updated with the latest product releases."
An additional feature of the Exploitability Index will be an assessment of the Denial of Service risk. Complete details are available in the above-referenced article.
- MSRC: Exploitability Index Improvements & Advance Notification Service for May 2011 Bulletin Release
- TechNet: Microsoft Security Bulletin Advance Notification for May 2011