Wednesday, June 17, 2009

Heavy Security Patch Coming on Tuesday

By Jabulani Leffall06/05/2009

June may prove to be a busy month for IT pros, with Microsoft planning to release 10 fixes in its next security patch.

On Tuesday, Redmond expects to deliver six "critical" and three "important" fixes, as well as one "moderate" fix in its monthly patch.

Items slated to be fixed include Windows, Internet Explorer, Word, Excel and the general Microsoft Office suite. All six critical fixes deal with potential remote code execution vulnerabilities. The important fixes are designed to thwart elevation-of-privilege attacks, and the lone moderate patch addresses information disclosure exploits.


Critical Items
The first critical item patches Windows 2000, Windows XP and Windows Server 2008. All supported Windows versions are slated to get patched in the second critical fix.

The third critical bulletin appears to be one of many periodic and cumulative fixes for Microsoft's Internet Explorer browser, covering IE 6, IE 7 and IE 8 across all OSes. Security pros will likely want to focus on this fix, given the rise in browser-based exploits.

Critical fix No. 4 will address Word in the following Microsoft Office suites: Office 2000 Service Pack 3, Office XP SP3, and 2007 Microsoft Office System SP1 and SP2. This wide-ranging fix extends as well to the following applications: Office 2004 and 2006 for Mac; Open XML File Format Converter for Mac; and Microsoft Office Word Viewer and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 file formats.

The fifth critical bulletin will touch on the Excel spreadsheet program. The same Office components apply as described above, and the fix also will cover Office Excel Viewer and Microsoft Office SharePoint Server 2007 SP1 and SP2.

The final critical item is a cumulative Office hotfix. It will address Office 2000, Office 2002, Office 2003 and Office 2007. Microsoft Works 8.5 and 9.0 versions are also covered.

Important and Moderate Items
All of the items deemed important in the June patch have elevation-of-privilege considerations. The first important fix covers every Windows OS version, as does the second important fix.

The third important item will address only Windows 2000, XP and Windows Server 2003, while the fourth important bulletin will only cover Windows XP and Windows 2003. The lone moderate item for this massive June slate is also a Windows OS fix and will only cover Windows XP and Windows 2003.

As usual, Redmond is reminding users interested in nonsecurity updates to visit its monthly knowledgebase article, which lists what Windows users can expect via Windows Update, Microsoft Update and Windows Server Update Services. Those items include a rollup for ActiveX Killbits for Windows, junk e-mail filter and malicious software removal upgrades, plus a cumulative update for Media Center TVPack for Windows Vista.