Microsoft has 10 security bulletins coming June 9, its biggest Patch Tuesday release of 2009 so far.
Of the bulletins, six have the highest rating of “critical.” Two of those six address remote code execution vulnerabilities in the Windows operating system. The other critical bulletins affect multiple versions of Internet Explorer and Microsoft Word, Excel, and Office.
In addition to the six bulletins addressing critical vulnerabilities, Microsoft is pushing out four other bulletins, all of which are aimed at fixing issues in the Windows operating system. Three of the four are rated “important,” while the fourth is classified as “moderate.”
Not mentioned is the DirectShow vulnerability Microsoft warned users about in May as hackers began to launch attacks. The DirectX vulnerability lies in the way DirectShow handles supported QuickTime format files.
In a blog post, Microsoft officials said security teams are working hard on the DirectShow issue but do not have an update yet that is ready for release. Information about workarounds for the flaw can be found here.
A patch for a vulnerability affecting WebDav is also not on the menu. What did make the cut for Patch Tuesday is an update for Office for Mac and Microsoft Works to provide cover for a PowerPoint vulnerability.
Tas Giakouminakis, CTO of Rapid7, said the Microsoft security bulletins highlight the importance of enterprises having a solid patch management cycle.
“The large number of vulnerabilities to be patched in June shows that attackers are not slowing down and the opportunities for them to infiltrate customer networks are increasing,” Giakouminakis said.
The patches are slated to be released June 9.