Microsoft’s June 2011 security bulletins are now out, and customers worldwide should apply the patches as soon as possible. No fewer than 34 vulnerabilities have been addressed with this month’s security updates, according to Angela Gunn, senior response communications manager, Microsoft Trustworthy Computing.
The June 2011 security bulletins cover a wide range of products, including Windows, Office, Internet Explorer, .NET, SQL, Visual Studio, Silverlight, VML and ISA, per Gunn’s enumeration.
Of the 16 patch packages already live on Windows Update, nine are rated Critical; the remaining seven are considered to pose a lower risk to customers and carry a rating of Important.
Gunn also stressed that customers need to prioritize the deployment of four Critical-level updates in particular:
“• MS11-042 (DFS). This bulletin resolves two privately reported issues affecting all versions of Windows.
• MS11-043 (SMB Client). This bulletin resolves one privately reported issue affecting all versions of SMB Client on Windows.
• MS11-050 (Internet Explorer). This security bulletin resolves 11 privately reported issues in Internet Explorer.
• MS11-052 (Windows). This bulletin resolves one privately reported issue in Windows and is also Critical.”
However, the best course of action both for end users and for businesses is to make sure that all updates are applied as soon as possible, especially since some of the patches are designed to resolve several publicly disclosed vulnerabilities.
“Since we’ve started specifying separate Exploitability Index ratings for the current and the earlier versions of products affected by each vulnerability, it’s easier to see how individual vulnerabilities affect newer products versus older ones,” Gunn said.
“We assign Exploitability Index ratings solely to Critical- and Important-severity vulnerabilities, and there are 32 of those this month (the others are Moderate-level issues in MS11-050). Of those, 14 vulnerabilities have a lower Exploitability Index rating for the latest-and-greatest version of the software than for the older version, or the latest version isn’t affected at all. The remaining CVEs have no difference in severity between the versions.”
June 2011 Critical security bulletins:
- MS11-050 (IE)
- MS11-052 (Vector Markup Language)
- MS11-043 (SMB Client)
- MS11-042 (DFS Client)
- MS11-038 (OLE Automation)
- MS11-040 (Forefront TMG firewall client)
- MS11-039 (.NET/Silverlight)
- MS11-044 (.NET Framework)
- MS11-041 (OpenType Font driver)
June 2011 Important security bulletins:
- MS11-046 (AFD.sys driver)
- MS11-045 (Excel)
- MS11-051 (Active Directory Certificate Server)
- MS11-037 (MHTML)
- MS11-048 (SMB Server)
- MS11-047 (Hyper-V)
- MS11-049 (Visual Studio XML Editor)