Hey Admins…. It’s that time again. The second Tuesday is upon us and May so far hasn’t been demanding as far as patching goes.
So far …. this month Microsoft has only issued two security announcements. MS10-030 and MS10-031. Microsoft has rated both as critical – and both could result in remote code being executed.
MS10-030 resolves an integer overflow in POP3 & IMAP mail responses to Outlook Express and Windows Mail…. MS10-031 addresses a stack memory corruption related to the way that “Visual Basic for Applications” searches for ActiveX components, when host applications provide specially crafted files to the Visual Basic runtime.
Adobe and Apple haven’t issued any security updates in May yet.
Apple’s last security update was on April 15th when they issued Security Update 2010-003 for OSX 10.5 and 10.6. ( 2010-003 addressed an issue with handling embedded fonts that could result in RCE )( see CVE-2010-1120 for more details )
Adobe’s last update was APSB10-10 on April 30th. APSB10-10 resolves issues in Photoshop CS4 (v11.0.0 ) for both Mac and Windows variants. Issues with Photoshop’s handling of specially crafted .TIFF files could lead to remote code execution ( see CVE-2010-1279 for more details ).