14 DAY TRIAL // No less than ten security bulletins were released this month by Microsoft, patching a total of 34 vulnerabilities across a range of products, including Windows, Microsoft Office, Internet Explorer, and Internet Information Services (IIS). Three of the June 2010 patch packages carry a rating of Critical, patching vulnerabilities that, in the eventuality of a successful exploit, would permit attackers to perform remote code execution on an affected system. The remaining seven security bulletins are considered only Important by the Redmond company.
Still, users are advised to deploy the patches as soon as possible. The security updates are, of course, already available to customers worldwide through the software giant’s update infrastructure. Jerry Bryant, group manager, response communications, Microsoft, revealed that Microsoft had dealt with issues brought to the public’s attention with Security Advisory 983438 (cross-site scripting (XSS) vulnerability in SharePoint Server) and Security Advisory 980088 (information disclosure vulnerability in IE).
According to Microsoft, customers should prioritize the deployment of three security bulletins in particular:
“• MS10-033 is Critical on all supported versions of Windows. Affected components include Windows Media Encode 9 (not supported on Windows 7), Asycfilt.dll (COM component), Windows Media Format Runtime 9.0 and 9.5, and Quartz.dll. Attack vectors include maliciously crafted web pages and files. • MS10-034 is an ActiveX kill bit update that includes Kill Bits for two Microsoft controls and four third party controls. • MS10-035 is a cumulative update for Internet Explorer. There are 6 vulnerabilities being addressed in this update including the issue first discussed in Security Advisory 980088,” Bryant stated.
Customers running Windows 7 will need to deploy no less than seven security bulletins impacting the operating system. Three of the bulletins for Windows 7 are rated Critical, including the one that is designed to resolve issues in Internet Explorer 8, with the rest being Important. Below is a full list of the June 2010 security bulletins provided by Microsoft.
· MS10-032 addresses three vulnerabilities in Windows, has a maximum severity rating of Important and an Exploitability Index rating of 1;
· MS10-033 addresses two vulnerabilities in Windows, has a maximum severity rating of Critical and an Exploitability Index rating of 1;
· MS10-034 addresses two vulnerabilities in Windows, has a maximum severity rating of Critical and an Exploitability Index rating of NA;
· MS10-035 addresses six vulnerabilities in Internet Explorer, has a maximum severity rating of Critical and an Exploitability Index rating of 1;
· MS10-036 addresses one vulnerability in Office, has a maximum severity rating of Important and an Exploitability Index rating of 1;
· MS10-037 addresses one vulnerability in Windows, has a maximum severity rating of Important and an Exploitability Index rating of 2;
· MS10-038 addresses fourteen vulnerabilities in Office, has a maximum severity rating of Important and an Exploitability Index rating of 1;
· MS10-039 addresses three vulnerabilities in Windows and Office, has a maximum severity rating of Important and an Exploitability Index rating of 1;
· MS10-040 addresses one vulnerability in Windows, has a maximum severity rating of Important and an Exploitability Index rating of 2;
· MS10-041 addresses one vulnerability in Windows, has a maximum severity rating of Important and an Exploitability Index rating of 3;
· Security Advisory 973811 was revised to provide updates to implement channel binding for various platforms at regular intervals.
