Microsoft has released security bulletins for multiple vulnerabilities in Microsoft Outlook Express, Microsoft Windows Mail, Microsoft Windows Live Mail, Microsoft Office, and Microsoft Visual Basic for Applications. These bulletins are described in the Microsoft Security Bulletin Summary for May 2010.

Third-party software that distributes VBE6.DLL may also be affected. If the third-party application follows the best practices for using a shared component as a side-by-side assembly, then the component will be updated by the update provided by MS10-031. Otherwise, you should contact the vendor to obtain an updated version of the application with the fixed VBE6.DLL file.

Impact: A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable application to crash.

Solution: Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for May 2010. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).