Microsoft releases its June Patch Tuesday update with 10 security bulletins. The bulletins fix 31 vulnerabilities across a number of Microsoft products.
plugged 31 vulnerabilities June 9 in a hefty Patch Tuesday
In all, Microsoft released 10
Six of them are critical and address problems in
Microsoft Word, Excel, Windows, Internet Explorer and Microsoft Works
One of the most serious of the bulletins fixes eight
Internet Explorer vulnerabilities,
including one affecting IE 8 that was
exploited at the CanSecWest
The most severe of the eight bugs can be exploited to allow
remote code execution if a user visits a malicious Web page. In addition to
being rated critical, the bulletin also received a "1" on Microsoft's
exploitability index, meaning that reliable exploit code is likely.
"If you're running IE 8 on Windows XP or are concerned about intranet-based
attacks, I would highly recommend putting this update on your high-priority 'to
do' list," Terri Forslof, TippingPoint's manager of security response,
said in a statement.
Two of the bulletins swat critical bugs in Microsoft Windows. MS09-18
two vulnerabilities in implementations of Active Directory on
Microsoft Windows 2000 Server and Windows Server 2003 and ADAM
(Active Directory Application Mode) when installed on Windows XP Professional
and Windows Server 2003. The other
critical Windows bulletin
affects Windows Print Spooler and addresses three
bugs. The most serious of the vulnerabilities could allow a hacker to execute
code remotely via a specially crafted RPC (remote procedure call) request.
each resolve a number of remote code execution vulnerabilities,
deals with a single issue in the Microsoft Works converters. The four noncritical
vulnerabilities include fixes for escalation of privilege issues in the Windows
kernel, the WebDAV
vulnerabilities Microsoft warned users about in May, a vulnerability in Windows
Search and a bug in the Windows RPC facility.
Microsoft also released an update for Office for Mac and Microsoft Works to
cover a PowerPoint vulnerability. Qualys CTO
Wolfgang Kandek said the Active Directory vulnerabilities patched in MS09-018
are the most urgent on the server side, while administrators will have their
hands full with a number of critical bugs affecting everything from Windows to
"June's Patch Tuesday is generating a major workload for IT
administrators," Kandek said.