Microsoft has just released the patches for May. The details are available at https://technet.microsoft.com/library/security/ms15-may
There are a total of thirteen bulletins, three of which are designated as CRITICAL and the remaining ten are designated as IMPORTANT.
The bulletins are identified as MS15-043/MS15-055
CRITICAL patches for May
The CRITICAL vulnerabilities apply to Internet Explorer, Windows, .NET framework, Office, Lync and Silverlight and could allow remote code execution if successfully exploited.
However, other sources have identified patch MS15-046 (for Microsoft Office) as critical for workstation operating systems and MS15-047 (Microsoft server software) as critical for Server operating systems.
MS15-043 – Internet Explorer
There are a total of twenty-two remote code execution vulnerabilities being patched in Internet Explorer. As of this time, the vulnerabilities do not appear to have been disclosed publicly and are not currently being exploited.
Note: The vulnerabilities are classified as MODERATE for Server operating systems.
MS15-044 – various products
There are two remote code execution vulnerabilities being patched for a number of Microsoft products such as Windows, .NET framework, Office, Lync and Silverlight. The vulnerabilities apply to Microsoft Font Drivers. Currently no known exploits are publicly available.
MS15-045 – Windows
There are six remote code execution vulnerabilities being patched in Windows Journal. Currently no known exploits are publicly available.
MS15-046 – Office/Office Web Apps/SharePoint (classified as IMPORTANT by Microsoft)
There are two remote code execution vulnerabilities being patched in all currently supported versions of Microsoft Office (Macintosh and Windows). There have been no reports of exploits being publicly available as of this time.
Note: other sources such as https://isc.sans.edu/forums/diary/May+2015+Microsoft+Patch+Tuesday+Summary/19685/ indicate that the vulnerability should be considered CRITICAL for workstation operating systems.
MS15-047 – SharePoint (classified as IMPORTANT by Microsoft)
There is one remote code execution vulnerability being patched for SharePoint server implementations. There have been no reports of exploits being publicly available as of this time.
Note: other sources such as https://isc.sans.edu/forums/diary/May+2015+Microsoft+Patch+Tuesday+Summary/19685/ indicate that the vulnerability should be considered CRITICAL for server operating systems.
Remaining patches designated as IMPORTANT
The IMPORTANT bulletins apply to Office, Windows, .NET framework, Silverlight and Microsoft Server software.
All other patches released on May 12 (MS15-048-MS15-055) are designated as IMPORTANT and would enable an elevation of privilege (or less significant issues – such as information disclosure or denial of service) if successfully exploited.
A recent update to the ISC.sans.edu site indicates that the vulnerability identified in MS15-51 for Windows Kernel mode drivers is being actively exploited.
Patches are also being released for Adobe Flash and also Adobe Reader and Acrobat. The updated versions of Flash are 126.96.36.199 (Flash) and 10.1.14 for version ten of Adobe Reader and Acrobat and 11.0.11 for version 11 of Reader and Acrobat.
Details for the Adobe patches are available at
Acrobat/Reader update – https://helpx.adobe.com/security/products/reader/apsb15-10.html
AgriLife ISO Recommendation
According to the Adobe links, the vulnerabilities for Flash and Acrobat/Reader are being actively exploited. Considering that issue and the fact that the Internet Explorer vulnerabilities are likely to be exploited in the near future, it is recommended that the May patches for Microsoft and Adobe products be applied as soon as possible to workstation systems and when feasible for server systems following appropriate testing.