As mentioned in the previous post on this months security bulletin releases, there are confirmed to be only 2 bulletins this month.
Both have a severity rating of critical and an exploitability index rating of 2 – see below for charts of vulnerability and severity.
MS10-030addresses an issue on operating systems installed with mail clients such as Outlook express, Windows Mail and Windows Live mail. As such, not all OSes are affected – Windows 7 and Server 2008 R2 do not have a mail client installed as default.
MS10-031addresses a vulnerability in Microsoft Visual Basic for Applications (VBA). This is specific to VBA SDK 6.0. On affected systems software should be recompiled and redistributed once the update has been applied to ensure this remote code execution vulnerability is removed.
The ongoing sharepoint security advisory (983438) is available for those affected and covers workarounds to cross site scripting (XSS) vulnerability.
As echoed in the last two security bulletin posts, MS are taking Windows XP SP2 to end of support on July 13th, 2010 and Windows 2000 is retired on the same date – the latter meaning they will provide no further security updates, potentially leaving production versions of the operating systems vulnerable if not update to a later OS.