As it does on a regular basis, Microsoft has issued an advance security bulletin notification for May 2011, which contains two bulletins affecting Windows Server and Microsoft Office.
The first bulletin, affecting Windows Server, is rated critical due to remote code execution. The following versions of Windows Server are affected: Windows Server 2003 SP2 (x86, x64, and Itanium-based systems), Windows Server 2008 (x86 and x64), Windows Server 2008 SP2 (x86 and x64), and Windows Server 2008 R2 RTM and SP1 (x64).
The second bulletin covers Microsoft Office. It is rated important, with a “vulnerability impact” of remote code execution, and affects the following versions of Office: Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 for Mac, Office 2008 for Mac, Open XML File Format Converter for Mac, and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2.
These security bulletins will be addressed next Tuesday, which is May 10, 2011.
Exploitability Index Update
Microsoft uses the Exploitability Index to let users know how likely it is that a vulnerability could be consistently exploited. Currently, however, the Exploitability Index provides an aggregated rating, meaning that all versions are grouped together. The problem is that newer versions of Microsoft software often provide mitigation features that make the vulnerabilities very hard to exploit, or the vulnerabilities may not exist in those versions at all.
With the updated Exploitability Index, Microsoft will detail the likelihood of a consistent exploit of the vulnerability on the newest version of the software, then aggregate all the older versions together in a separate rating.
For more information, see: Exploitability Index Improvements Now Offer Additional Guidance.