Microsoft delivers 10 fixes in June security update

[nsane.forums]

Critical fix for all Windows users amongst patch haul

Microsoft has released the June edition of its monthly security update cycle.

The latest release contains ten bulletins which patch a total of 34 different vulnerabilities in Windows, Office and Internet Explorer.

Three of the bulletins have been rated as critical, Microsoft's top security risk level. The company is recommending that the users make installation of the critical fixes a top updating priority.

The critical flaws include a fix for remote code execution flaws in a media decompression component in all currently supported versions of Windows. Additionally, all client versions of Windows will receive a critical update for flaws in Internet Explorer.

A third critical bulletin introduces a set of killbits to prevent attacks on ActiveX components.

Each of the remaining seven bulletins address security flaws rated by the company as 'important.'

Among those bulletins are fixes for remote code execution vulnerabilities in Office as well as fixes for elevation of privilege flaws in Windows and a vulnerability which could allow an attacker to tamper with XML data in the .NET service.

McAfee Labs head of research and communications Dave Marcus said that many of the vulnerabilities addressed in the update could be exploited through social engineering attacks launched by unwitting users.

"These vulnerabilities could be exploited to booby trap web sites, Office and Windows Media files to gain control over vulnerable computers simply by tricking victims into opening a malicious file or clicking a malicious link," said Marcus.

"Aside from ensuring complete protection is running, computer users need to use common sense and avoid the dark alleys of the Internet as well as second guess and documents or links they are sent, including those that appear to come from friends, family or coworkers."

View: Original Article

[NoYB]

Patch baby patch! :P