For its forthcoming May Patch Tuesday – May 11 – Microsoft will release two ‘critical’ security bulletins, fixing critical holes in its Windows and Office software. Both the ‘critical’ flaws can expose users to remote code execution attacks by hackers.

In addition, the Microsoft May patch will also be available to Windows 7 as well as Windows Server 2008, even though neither of these two products is affected by the critical vulnerabilities to be addressed.

However, no patch will be released for the last-month-detected security flaw in its Windows Sharepoint Server 3.0 and Office SharePoint Server 2007. These vulnerabilities have been given a slightly less severe “important” ranking, which implies that a hacker can potentially break into an organization’s system, for accessing and stealing sensitive information like customer data and intellectual property.

With Jerry Bryant, Microsoft group manager for response communications, noting in an official blog post that the company’s teams are “still working” on an update for SharePoint Server flaws, it has been suggested by the company that, till the time an update is released, users should apply workarounds like getting an administrator to limit access to the SharePoint Help. aspx so as to prevent an attack via this vector.

Bryant has also advised the users to begin preparing for the testing and deployment of both the soon-to-be-released ‘critical’ security bulletins “as soon as possible.”