Microsoft's June Security Patch To Deliver 3 Critical Windows Fixes

Microsoft's monthly security update will be arriving this Tuesday, and it's already turning out to be a replay of sorts.

IT pros can expect to see the same number of fixes in June's patch as in last month's security update, according to Microsoft's advance notice, which was issued today. The June patch will be a repeat performance with three "critical" and four "important" bulletin items. And, like last month, the majority of the items deal with remote code execution (RCE) flaws.

The three high-profile critical items will aim at fixing RCE errors in Windows, Internet Explorer and .NET Framework.

One more RCE hole will be addressed by important bulletin No. 1, which applies to Microsoft Office and Visual Basic for Applications. The final three important items will address elevation-of-privilege flaws in Microsoft Dynamics AX and supported Windows versions.

Specific bulletin details are typically withheld by Microsoft until after the patch's release. The June patch will arrive on Tuesday at around 10 a.m. Pacific Standard Time.

Speculating on the contents of June's security update, Wolfgang Kandek, CTO of security firm Qualys, said that IT should put the elevation-of-privilege bulletins on the backburner until the RCE flaws are dealt with. He also highlighted an off-cycle security advisory regarding faked Microsoft certificates and the Flame malware that the company issued earlier this week.

"Most users should focus on bulletins 1-4, Windows and Office, together with the important security announcement from Microsoft regarding the abuse of a Microsoft certificate in the signing of the Flame malware," Kandek said, in an e-mail. "If you have not installed the update in Security Advisory 2718704 yet, you should plan on rolling it out as quickly as possible -- at least together with the other critical patches next week. It is a simple patch that only removes the offending certificates from the system certificate store and will harden the OS against the expected use of the Flame signing technique by future malware."

Kandek also said to be on the lookout for a critical fix to Java next week from Oracle.

In other security patch news, Adobe released today updates for Photoshop CS5 and Illustrator CS5 (for both Windows and Macintosh) that addresses RCE exploits in both software. The fixes can be downloaded here.

About the Author

Chris Paoli is the site producer for and


  • Sign

    2018 Microsoft Predictions Revisited

    From guessing the fate of Windows 10 S to predicting Microsoft's next big move with Linux, Brien's predictions from a year ago were on the mark more than they weren't.

  • Microsoft Recaps Delivery Optimization Bandwidth Controls for Organizations

    Microsoft expects organizations using its Delivery Optimization peer-to-peer update scheme will optimally see 60 percent to 70 percent improvements in terms of network bandwidth use.

  • Getting a Handle on Hyper-V Virtual NICs

    Hyper-V usually makes it easy to configure virtual network adapters within VMs. That is, until you need to create a VM containing multiple virtual NICs.

  • Microsoft Highlights Emerging Kubernetes Scalability and Governance Efforts

    Microsoft this week highlighted some emerging efforts to improve both the scalability and governance of the open source Kubernetes container orchestration service.

comments powered by Disqus
Most   Popular

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.