No Security Update for Vista this month
Microsoft released their monthly Security Updates this month. There's no security update for Vista today.
They released 4 Security Bulletins that affects Office, Windows 2000, XP, 2003 and their antimalware products namely Windows Live OneCare, Microsoft Antigen, Microsoft Windows Defender, Microsoft Forefront Security
- MS08-026 - Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207)
- MS08-027 - Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (951208)
- MS08-028 - Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution (950749)
- MS08-029 - Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of Service (952044)
Microsoft re-released Security Bulletin MS06-069. Bulletin updated to add Windows XP Service Pack 3 as affected software. This is a detection update only. There were no changes to the binaries.
The Bulletin Summary for this month is as http://www.microsoft.com/technet/security/bulletin/ms08-may.mspx
The Microsoft Security Response Team wrote:
I think it is also worth noting that MS08-026 includes additional security mitigations against attacks as identified in Microsoft Security Advisory 950627. We recommend that customers install the updates provided in both MS08-026 and MS08-028 for the most up to date protection against these types of attacks.
Our Security Vulnerability Research & Defense blog this month discusses MS08-026. You can find a post discussing built-in functionality to turn off the vulnerable parsing code for one of the fixed vulnerabilities at http://blogs.technet.com/swi/archive/2008/05/13/file-block-and-ms08-026.aspx
http://blogs.technet.com/msrc/archive/2008/05/13/may-2008-monthly-release.aspx
If you have problem with the security updates, please do not hesitate to inform Microsoft. It's a free support. Call 1-866-PCSAFETY if you are in the US or Canada. If you are in other location, please go to this page.
Please remember that Microsoft NEVER sends security update via e-mail. Example of this fake and infected email pretending to be from Microsoft as May 2008 update is here.