MS Patch Tuesday heads-up: Critical Windows update on deck

Microsoft plans to have a quiet Patch Tuesday this month:  Just two bulletins covering security vulnerabilities in the Windows operating system and Office productivity suite.

According to an advance notice from Redmond, the Windows update will be rated "critical" because of the risk of remote code execution attacks.  This patch only affects Windows Server 2003, Windows Server 2008 and Windows Server 2008 R2.

The Microsoft Office patch will carry an "important" rating and will also cover flaws that can be exploited in remote code execution attacks.

The patches are expected to be released on May 10, 2011 at 1:00 PM Eastern.

Microsoft also announced plans to modify its Exploitability Index to provide more details for Windows users running the newest software versions.

The Exploitability Index assesses the likelihood of functional exploit code being developed for a particular vulnerability. By providing the index information month over month, we’re helping customers prioritize the security updates that matter to them. The Exploitability Index will continue to provide an aggregate exploitability rating across all affected products, and the improvements made to Exploitability Index will now offer additional information to help customers prioritize bulletins, specifically for the most recent platforms, e.g. Windows 7 Service Pack 1 and Office 2010.

The changes effectively means that Microsoft will split out the Exploitability Index into a rating for the most recent version of the software, and an aggregate rating for all older versions.