Microsoft's June Security Patch To Deliver 3 Critical Windows Fixes -- Redmondmag.com

Microsoft's June Security Patch To Deliver 3 Critical Windows Fixes

By Chris Paoli
06/07/2012

Microsoft's monthly security update will be arriving this Tuesday, and it's already turning out to be a replay of sorts.

IT pros can expect to see the same number of fixes in June's patch as in last month's security update, according to Microsoft's advance notice, which was issued today. The June patch will be a repeat performance with three "critical" and four "important" bulletin items. And, like last month, the majority of the items deal with remote code execution (RCE) flaws.

The three high-profile critical items will aim at fixing RCE errors in Windows, Internet Explorer and .NET Framework.

One more RCE hole will be addressed by important bulletin No. 1, which applies to Microsoft Office and Visual Basic for Applications. The final three important items will address elevation-of-privilege flaws in Microsoft Dynamics AX and supported Windows versions.

Specific bulletin details are typically withheld by Microsoft until after the patch's release. The June patch will arrive on Tuesday at around 10 a.m. Pacific Standard Time.

Speculating on the contents of June's security update, Wolfgang Kandek, CTO of security firm Qualys, said that IT should put the elevation-of-privilege bulletins on the backburner until the RCE flaws are dealt with. He also highlighted an off-cycle security advisory regarding faked Microsoft certificates and the Flame malware that the company issued earlier this week.

"Most users should focus on bulletins 1-4, Windows and Office, together with the important security announcement from Microsoft regarding the abuse of a Microsoft certificate in the signing of the Flame malware," Kandek said, in an e-mail. "If you have not installed the update in Security Advisory 2718704 yet, you should plan on rolling it out as quickly as possible -- at least together with the other critical patches next week. It is a simple patch that only removes the offending certificates from the system certificate store and will harden the OS against the expected use of the Flame signing technique by future malware."

Kandek also said to be on the lookout for a critical fix to Java next week from Oracle.

In other security patch news, Adobe released today updates for Photoshop CS5 and Illustrator CS5 (for both Windows and Macintosh) that addresses RCE exploits in both software. The fixes can be downloaded here.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

Featured

Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.
What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.