|
Microsoft has released its scheduled monthly security update for June. The biggest ever, it contains 8 security bulletins labelled "critical”, the highest danger level possible. The bulletins deal with security flaws in Internet Explorer, Microsoft Media Player, Microsoft Windows and Microsoft Office applications. At least one of the vulnerabilities has already been exploited in the wild.
Overall, the update has fixes for 21 flaws; 16 of these are contained in the critical bulletins and18 in total could lead to remote code execution. The biggest single bulletin resolves 8 vulnerabilities affecting Internet Explorer and is deemed critical for all current versions of Microsoft's Internet browser. Another bulletin with several patches affects the Routing and Remote Access Service and could lead to remote code execution. It is rated as "critical” for Microsoft Windows 2000 and "important” for Windows XP SP 1 and 2, Windows Server 2003 and Server 2003 SP1. Among other critical updates are one that deals with the way in which Windows and IE render AOL ART images, another that closes a vulnerability in Windows Media Player (versions 7.1, 9 and 10), and a further one that covers a flaw in Microsoft Jscript. One other bulletin covers a vulnerability in the Graphics Rendering Engine that only affects Windows 98, 98 SE and Millennium.
Two further critical bulletins affect Microsoft Office components. One of these involves Microsoft Word and also affects Microsoft Works, while the other could allow remote code execution via Microsoft PowerPoint and is deemed critical in PowerPoint 2000.
Three bulletins were given the "important” rating. One resolves a vulnerability in Outlook Web Access and could lead to remote code execution, but is given only a second-tier security rating by Microsoft. A second one also deals with a remote code execution flaw in TCP/IP, while a third bulletin fixes problems with potential elevation of privileges and Denial of Service attack in the Server Message Block component of Windows. The last vulnerability, deemed only "moderate”, fixes an RPC Mutual Authentication spoofing problem.
At the same time, Microsoft last week decided not to release a fix for a major vulnerability that affects Windows Explorer in Windows 98 and Millenium, saying that it was "not feasible”. Microsoft explained that in order to fix the flaw it would need to "re-engineer a significant amount of a critical core component of the operating system”. Given the fact that Microsoft is phasing out support for older operating systems, the recommendation from the company is to upgrade to newer versions of Windows.
The June security update can be downloaded via Microsoft Update or directly from Microsoft TechNet. Users are advised to update their systems immediately.
|
