News

Microsoft's June Security Patch To Deliver 3 Critical Windows Fixes

Microsoft's monthly security update will be arriving this Tuesday, and it's already turning out to be a replay of sorts.

IT pros can expect to see the same number of fixes in June's patch as in last month's security update, according to Microsoft's advance notice, which was issued today. The June patch will be a repeat performance with three "critical" and four "important" bulletin items. And, like last month, the majority of the items deal with remote code execution (RCE) flaws.

The three high-profile critical items will aim at fixing RCE errors in Windows, Internet Explorer and .NET Framework.

One more RCE hole will be addressed by important bulletin No. 1, which applies to Microsoft Office and Visual Basic for Applications. The final three important items will address elevation-of-privilege flaws in Microsoft Dynamics AX and supported Windows versions.

Specific bulletin details are typically withheld by Microsoft until after the patch's release. The June patch will arrive on Tuesday at around 10 a.m. Pacific Standard Time.

Speculating on the contents of June's security update, Wolfgang Kandek, CTO of security firm Qualys, said that IT should put the elevation-of-privilege bulletins on the backburner until the RCE flaws are dealt with. He also highlighted an off-cycle security advisory regarding faked Microsoft certificates and the Flame malware that the company issued earlier this week.

"Most users should focus on bulletins 1-4, Windows and Office, together with the important security announcement from Microsoft regarding the abuse of a Microsoft certificate in the signing of the Flame malware," Kandek said, in an e-mail. "If you have not installed the update in Security Advisory 2718704 yet, you should plan on rolling it out as quickly as possible -- at least together with the other critical patches next week. It is a simple patch that only removes the offending certificates from the system certificate store and will harden the OS against the expected use of the Flame signing technique by future malware."

Kandek also said to be on the lookout for a critical fix to Java next week from Oracle.

In other security patch news, Adobe released today updates for Photoshop CS5 and Illustrator CS5 (for both Windows and Macintosh) that addresses RCE exploits in both software. The fixes can be downloaded here.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Microsoft Ending Three Certifications in June

    Microsoft announced plans on Thursday to end three certification programs on June 30, 2020, and that separate exams for Windows Server 2019 and SQL Server 2019 won't be available.

  • Microsoft To Bring Cortana Changes in Spring Windows 10 Update

    Microsoft plans to update the user experience associated with its Cortana personal assistant software with the coming spring feature update of Windows 10, according to a Friday announcement.

  • What It's Like To Work on the Moon (Without Actually Going to the Moon)

    Brien's lunar training often puts him in situations where where gravity, as we Earthlings know it, doesn't exist.

  • New Edge Browser Getting Ability To Block Unwanted Apps

    The new Chromium-based Microsoft Edge browser is getting the ability to block potentially unwanted applications (PUAs), Microsoft announced on Thursday.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.