May 2008 Monthly Release

This is Tami Gallupe, MSRC Release Manager, and I want to let you know that we just posted our May 2008 Bulletins. We released four bulletins today, which include three bulletins with severity rating of critical and one with the severity rating of moderate. We also re-released MS06-069 to add XP SP3 as an affected version.


Here is a summary of what we released:


MS08-026  Vulnerabilities in Microsoft Word Could Allow Remote Code Execution

MS08-027  Vulnerability in Microsoft Publisher Could Allow Remote Code Execution

MS08-028  Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution

MS08-029 Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of Service


I think it is also worth noting that MS08-026 includes additional security mitigations against attacks as identified in Microsoft Security Advisory 950627. We recommend that customers install the updates provided in both MS08-026 and MS08-028 for the most up to date protection against these types of attacks.  


Our Security Vulnerability Research & Defense blog this month discusses MS08-026.  You can find a post discussing built-in functionality to turn off the vulnerable parsing code for one of the fixed vulnerabilities at


I want to invite you to join us for the monthly webcast that starts tomorrow (Wednesday, May 14th) at 11:00 AM PST.  We’ll be discussing today’s release and answering your questions on the air. Click here to register for the May Security Bulletin Webcast.  We look forward to hearing from you tomorrow.





*This posting is provided “AS IS” with no warranties, and confers no rights.*