Microsoft's June Security Patch To Deliver 3 Critical Windows Fixes

Microsoft's monthly security update will be arriving this Tuesday, and it's already turning out to be a replay of sorts.

IT pros can expect to see the same number of fixes in June's patch as in last month's security update, according to Microsoft's advance notice, which was issued today. The June patch will be a repeat performance with three "critical" and four "important" bulletin items. And, like last month, the majority of the items deal with remote code execution (RCE) flaws.

The three high-profile critical items will aim at fixing RCE errors in Windows, Internet Explorer and .NET Framework.

One more RCE hole will be addressed by important bulletin No. 1, which applies to Microsoft Office and Visual Basic for Applications. The final three important items will address elevation-of-privilege flaws in Microsoft Dynamics AX and supported Windows versions.

Specific bulletin details are typically withheld by Microsoft until after the patch's release. The June patch will arrive on Tuesday at around 10 a.m. Pacific Standard Time.

Speculating on the contents of June's security update, Wolfgang Kandek, CTO of security firm Qualys, said that IT should put the elevation-of-privilege bulletins on the backburner until the RCE flaws are dealt with. He also highlighted an off-cycle security advisory regarding faked Microsoft certificates and the Flame malware that the company issued earlier this week.

"Most users should focus on bulletins 1-4, Windows and Office, together with the important security announcement from Microsoft regarding the abuse of a Microsoft certificate in the signing of the Flame malware," Kandek said, in an e-mail. "If you have not installed the update in Security Advisory 2718704 yet, you should plan on rolling it out as quickly as possible -- at least together with the other critical patches next week. It is a simple patch that only removes the offending certificates from the system certificate store and will harden the OS against the expected use of the Flame signing technique by future malware."

Kandek also said to be on the lookout for a critical fix to Java next week from Oracle.

In other security patch news, Adobe released today updates for Photoshop CS5 and Illustrator CS5 (for both Windows and Macintosh) that addresses RCE exploits in both software. The fixes can be downloaded here.

About the Author

Chris Paoli is the site producer for and


  • Exploring OCR, a New Way To Get Data into Excel

    Microsoft recently added a new optical character recognition feature to Excel that lets users import data from a photograph taken from a smartphone. Here's how to use it.

  • Microsoft Authenticator App To Get Real-Time Phishing Protections

    Microsoft is working on adding capabilities to its Microsoft Authenticator app to help defeat security breaches enabled by advanced attack techniques, including phishing and man-in-the-middle methods.

  • A Quicker Way To Create Hyper-V Inventory Reports

    If you need to generate Hyper-V inventory reports but don't want the hassle of writing your own custom PowerShell script, here is a shortcut.

  • Microsoft Previews New Azure Active Directory Roles and Bulk Management Capability

    Microsoft this week announced a couple of noteworthy previews of new capabilities for IT pros using the Azure Active Directory identity and access management service.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.