Hello and welcome to this month’s blog on the Microsoft patch releases. This is a light, yet moderate month—the vendor is releasing one bulletin covering a total of 14 vulnerabilities. This is the first time we've seen a single bulletin cover so many vulnerabilities since Microsoft started the monthly patch program.
All the issues are remote code-execution vulnerabilities in PowerPoint, and Microsoft has rated 11 of them “Critical.” For any of these issues to be triggered, a victim must open a specially crafted file with a vulnerable version of PowerPoint.
As always, customers are advised to follow these security best practices:
- Install vendor patches as soon as they are available. - Run all software with the least privileges required while still maintaining functionality. - Avoid handling files from unknown or questionable sources.
Microsoft’s summary of the May releases can be found here:
