Microsoft Patch Tuesday Fixes Windows, PowerPoint

Dennis Faas's picture

Microsoft unveiled a modest Patch Tuesday collection of fixes for its software products this month. However, at least a few of the patches address security holes that experts say could be easily exploited.

On Tuesday, Microsoft's series of May patches addressed just three bugs, only one of which is marked "critical," the company's highest security rating. The most serious patch is labeled MS11-035 and is intended to fix a vulnerability in the Windows Internet Name Service (WINS), a component in every edition of Windows Server.

Critical Update Not Automatically Deployed

The way in which Microsoft deployed MS11-035 has frustrated some security experts.

While security patch MS11-035 is labeled "critical", it was not installed by default. Security experts said such a dismissal is absurd, since most businesses and government organizations require the Windows Internet Name Service.

"Most organizations have to install WINS," noted Rapid7 enterprise security community manager, Marcus Carey. "With governments and big agencies -- any large network -- WINS is going to be running." (Source:

As for the threat to WINS itself, the problem is substantial. According to reports, unlike most security holes a hacker wouldn't need to trick a user into clicking anything. Instead, they'd just have to find a vulnerable server and upload malicious data.

PowerPoint Targeted, but not PowerPoint 2010

Another flaw addressed by the Patch Tuesday release is an "important" issue in Microsoft PowerPoint, a program within the Office suite.

A bug in PowerPoint could allow hackers to take remote control of a machine if a user opens a specially designed and malicious PPT (PowerPoint) file. It's worth noting, however, that PowerPoint for Office 2010 is not affected. (Source:

In all, there were a very small number of fixes this month. Likely next month will see substantially more. PC users should "brace themselves for a larger update" next month, said one security expert.

Rate this article: 
No votes yet