Microsoft Patch Tuesday Arrives
Microsoft releases seven bulletins, three of which are critical, in June's Patch Tuesday update.Microsoft's June Patch Tuesday has arrived with three "critical" bulletins in tow. Microsoft issued a total of seven bulletins June 10, with the three rated critical affecting Internet Explorer, DirectX and Bluetooth. All three address vulnerabilities that permit hackers to execute code remotely.
The IE bulletin addresses two vulnerabilities, one of which has already been disclosed publicly. Microsoft officials warned that both vulnerabilities can be exploited if a victim views a malicious Web page, with the publicly disclosed vulnerability allowing hackers to steal information. According to the company, enterprises can reduce the impact of the issue by minimizing user rights.
Also included in the Patch Tuesday update are three bulletins rated "important" that deal with vulnerabilities in PGM (Pragmatic General Multicast), Active Directory and WINS (Windows Internet Name Service). The vulnerabilities involving PGM and Active Directory can cause a denial-of-service condition, while the WINS bulletin addresses an escalation-of-privileges situation. While Microsoft did not rate the Active Directory vulnerability critical, Tyler Reguly, a security engineer with nCircle, said this vulnerability may be the most interesting to enterprises. "It actually replaces a previous AD DoS from earlier this year and affects everything that could be running AD, all the way up to Server 2008," Reguly said. "While this doesn't affect most systems in a enterprise environment, it does affect any [or] all domain controllers that exist and these are considered critical infrastructure." The final bulletin, rated "moderate," deals with Kill Bit and can result in remote code execution. This month's Patch Tuesday release brings the number of security bulletins issued by Microsoft to 36 in 2008.