Site Network: | | Jongsma & Jongsma

Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at S?nnet Beskerming.

Username: | Password: Contact us to request an account

Microsoft Security Patch Advance Notification - June 2008

This coming Tuesday, Microsoft are planning to release seven patches with the June Security Patch Release, according to the advance notification advice released by Microsoft and their MSRC.

Of the seven patches due for release, three have been identified as Critical, all leading to remote code execution opportunities and affecting different components of core Microsoft Windows software. A Bluetooth patch, cumulative Internet Explorer update, and separate ActiveX bulletin comprise the Critical updates (though the ActiveX bulletin could be integrated with the Internet Explorer cumulative update).

The three Important updates identified by Microsoft target an elevation of privilege and denial of service opportunities affecting WINS, Active Directory, and PGM, again elements of the core Windows system.

The remaining Moderate patch is for a kill bit issue that can lead to arbitrary remote code execution, though why it isn't identified as Critical like the other remote code execution vulnerabilities has not been identified.

All versions of Windows from Windows 2000 will be affected by this month's patches, with Critical remote code execution bugs being patched on all systems.

Other non-security high-priority updates will be released through the Microsoft Update and Windows Server Update Service at the same time, as well as the Microsoft Windows Malicious Software Removal Tool receiving an update.

In separate reporting, Microsoft's Security Vulnerability Research & Defense group have released information that indicates that the Microsoft Works ActiveX control proof of concept that was recently released will not be receiving an update, as the default behaviour of Internet Explorer should be not to load the ActiveX control (it falls into the 'ActiveX controls not marked as safe for scripting' section which should be Disabled by default). Note that this doesn't deny there is a problem, just that the default system behaviour should be enough to protect users.

8 June 2008

Social bookmark this page at eKstreme.
Alternatively, Bookmark or Share via AddThis

Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.

Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.

Comments will soon be available for registered users.