Tuesday, June 8, 2010

Microsoft Patch Tuesday: 10 bulletins, many critical, reboot required

Well, this month's set of Microsoft patches have been released, and it's a big set. Microsoft is urging that system admins roll out several of these ASAP as exploit code is either "in the wild" or easy to develop.

Microsoft finally fixes Pwn2Own browser flaw | ZDNet
The Microsoft Patch Tuesday train rolled into town today, dropping off a massive 10 security bulletins with fixes for at least 34 documented vulnerabilities.

Three of the bulletins are rated “critical” because of the risk of remote code execution attacks. Affected products include the Windows operating system, Microsoft Office, the Internet Explorer browser and Internet Information Services (IIS).

This month’s patch batch also provides cover for a known cross-site scripting flaw in the Microsoft SharePoint Server and a publicly discussed data leakage hole in Internet Explorer.

Microsoft is urging its users to pay special attention to MS10-033 (Windows), MS10-034 (ActiveX killbits) and MS10-035 (Internet Explorer) because these contain fixes for issues that may be exploited by malicious hackers very soon.

Here’s the skinny on these three bulletins:

ISC SANS has a simple table listing all the patches and how critical they are on workstations and servers:

June 2010 Microsoft Black Tuesday Summary
Overview of the June 2010 Microsoft Patches and their status.

This month's Microsoft Technet blog page on June's patch set is for once readable and enlightening:

Assessing the risk of the June Security Bulletins - Security Research & Defense - Site Home - TechNet Blogs
Today we released ten security bulletins. Three have a maximum severity rating of Critical and seven have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.

The official Bulletin is here:
Microsoft Security Bulletin Summary for June 2010

Home users should patch as soon as possible. Business users should wait a day or two but plan to roll out the patches next week at the latest.

No comments: