
Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at Sûnnet Beskerming.


Microsoft Security Patch Release June 2009 Advance Notification

Microsoft have released their Advance Notification for June 2009, with ten patches being identified for release next Tuesday.

Six patches, for Windows (2), Internet Explorer, Excel, Word, and Office, have been rated as Critical, with the remaining four, for Windows, being rated as Important. From Microsoft's notification, the Critical patches can all lead to remote code execution in the worst case, while the Important patches can lead to elevation of privilege and information disclosure if exploited.

Of the multiple Critical Windows patches being released, only Windows 2000 is affected at a level considered by Microsoft to warrant the Critical rating. The other supported versions of Windows are affected to lesser extents (Important or Moderate), and the first Critical patch does not need to be applied to Windows Vista and 2008. Likewise, the Internet Explorer patch is only Moderate for Windows 2003 and 2008 systems, while the last two Important Windows patches are not applicable to Windows Vista or 2008 systems.

The Word, Excel and Office patches to be released are Critical for Office versions 2000, 2002 (XP), 2003 and 2007. Despite Word having its own standalone patch being released next week, the Office patch is being identified as only affecting the Word component of Office. The only Office version that the patches are Critical for is Office 2000 (and thus Word 2000, Excel 2000); the other versions are only rated as Important for the same vulnerabilities.

This month's release will also patch the software that MS09-017 wasn't able to address (OS X Office and Microsoft Works).

At this stage there is no plan to release a patch next Tuesday for the recently disclosed vulnerability with DirectShow (DirectX), specifically in quartz.dll, which can lead to remote code execution and which is being actively targeted in the wild.

5 June 2009
