Critical Vulnerabilities in IE9 and Windows 7 SP1 to Be Patched Next Week

Users running Windows 7 Service Pack 1 (SP1) and Internet Explorer 9 will need to apply a number of Critical security bulletins which Microsoft plans to release next week as part of the company’s monthly patch cycle.

There are no less than Critical six patch packages planned for Windows 7 SP1, although there are seven in total, but customers will need to apply only one of the IE updates depending on the version of the browser they’re running, namely IE8 or IE9.

There are also additional security bulletins scheduled for release the coming week for all supported Windows releases, as well as for additional products from the software giant.

Angela Gunn, senior response communications manager, Trustworthy Computing, Microsoft, revealed that the Redmond company will provide “16 bulletins (nine Critical in severity, seven Important) addressing 34 vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, .NET, SQL, Visual Studio, Silverlight and ISA.

“All bulletins will be released on Tuesday, June 14, at approximately 10am PDT. Come back to this blog on Tuesday for our official risk and impact analysis, along with deployment guidance and a video overview of the release.”

June 2011 will mark the advent of the first security bulletin for Internet Explorer 9, and a Critical one at that.

According to the software giant, among the security flaws affecting IE, next week’s updates will also patch a zero-day (0-day) vulnerability, namely the hole which can potentially allow an attacker to perform cookiejacking.

Microsoft has said in the past that it doesn’t consider the cookiejacking vulnerability as posing much of a risk to IE users, and the company hasn’t changed its mind, it would appear.

“Given the prevalence of other types of social engineering methods in use by criminals, which provide access to much more than cookies, we believe this issue poses lower risk to customers. Further, based on a signature that has been released to millions of Microsoft Security Essentials and Forefront customers, the Microsoft Malware Protection Center (MMPC) has not detected attempts to use this technique,” Gunn added.