Big Windows June update day



Updates for Windows for the month of June are out today and it looks like some list! 12 updates covering 20 or more vulnerabilities. MANY of these are tagged as critical. (Critical vulnerabilities are considered remotely exploited or with little (or no) user interaction.) Sans has a good listing of the advisories. This month it is a bit much to track in one big whallop… but I’ll try to give a summary here.


1 patch (well actually 8) is a rollup for Internet Explorer (4 of the 8 are critical) – so it’s a critical patch. (All versions of IE) There’s also a vulnerability with rendereding .ART image files (*AOL uses ART format apparently.)(everything from Win 98 -2003) There’s also a critical javascript vulnerability (everything from Win 98 -2003)… there’s a Media player vulnerability affecting just about any version of media player. And a RRA (Routing and Remote Access) vulnerability. RRA is essentially Remote Access Dial up Server for Windows Servers. Details on how this could be exploited here.

There’s a graphics rendering software patch for older Windows releases (ME 98 (SE too)). BTW Next month is the last scheduled patch day for those OS’s. Also, the Word vulnerability of the last months news… is patched (critical) and a Powerpoint vulnerability which is also a critical.

There are four other updates MS06-29 for Exchange is listed as Important, as is MS06-030 for SMB *(privilege escalation). There is one more Important update MS06-032 (IP source routing allows remote code execution) and a Moderate… MS06-031 (RPC mutual authentication spoofing.)

Further, MS06-011 was re-released. It was essentially to patch a privilege escalation vulnerability.

As always it’s DEFINITELY worth keeping up with windows updates. I highly recommend using the newer Microsoft Update tool (which covers Office software as well as the core Operating System updates.)

   Send article as PDF   

Similar Posts