Light Microsoft Patch Tuesday will not include a fix for Sharepoint

Microsoft is to issue only two software fixes in its Patch Tuesday monthly security update on 11 May, according to the advance bulletin.

One is rated “critical” for versions of the Windows operating system except Windows 7 and Windows 2008 R2, for which the rating is “important”.

This demonstrates the consistently better showing of Microsoft’s newer operating systems, said Wolfgang Kandek, chief technology officer at security firm Qualys MCTS Training.

The second patch will be for Office, where all versions are affected and it is rated “important”.

But it is rated “critical” for Visual Basic for Applications and its software developers kit, said Kandek.

Microsoft has notified customers the May security update will not include a fix for the vulnerabilities found in Sharepoint 2007 as they are still working on an update.

“It seems likely that we can instead expect an out-of-band patch this month for Sharepoint given the critical nature of the cross-site scripting vulnerability, said Alan Bentley, vice-president international at security firm Lumension

This vulnerability threatens sensitive corporate information housed on the enterprise content management system, he said MCITP Certification.

Microsoft is recommending applying workarounds until a fix is released to restrict access to the Help functionality in Sharepoint.