June Microsoft Patch Tuesday
Microsoft has announced 10 new patches for its monthly patch release cycle. These patches fix vulnerabilities in multiple Microsoft products, including Windows, Internet Explorer, and Microsoft Office. Six patches are rated Critical; between them they affect all of the previously listed products and fix vulnerabilities that allow remote code execution on vulnerable systems. Gladiator recommends that users immediately apply all Critical patches to their systems. Detailed information for the patches can be found in Microsoft’s June Security Bulletin. Summary information is included below:
- Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055) (MS09-018) – This update fixes a privately reported remote code execution vulnerability in Windows 2000 Server, Windows Server 2003, and Windows XP Pro with Active Directory Application Mode installed (this is not typically installed by default). This vulnerability is rated Critical, and should be patched as soon as possible.
- Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501) (MS09-022) – This vulnerability affects the Print Spooler service. This vulnerability was privately reported and is rated Critical. This vulnerability should be patched as soon as possible on all workstations and servers.
- Cumulative Security Update for Internet Explorer (969897) (MS09-019) – This patch fixes multiple vulnerabilities in Internet Explorer, including a publicly disclosed vulnerability. Some of the vulnerabilities covered by this patch allow remote code execution, with a high likelihood of functional exploit code appearing in the near future. Gladiator recommends that all systems be patched as soon as possible.
- Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (969514) (MS09-027) – This patch fixes two privately disclosed vulnerabilities in Microsoft Word, both of which allow remote code execution. Users would have to open a malicious Word document in order to be exploited. Gladiator recommends that users apply this patch as soon as possible to all systems with Microsoft Office installed.
- Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462) (MS09-021) – This patch fixes multiple privately disclosed vulnerabilities in Microsoft Excel that allow remote code execution. Users would have to open a malicious Excel document in order to be exploited. Gladiator recommends that users apply this patch as soon as possible to all systems with Microsoft Office installed.
- Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632) (MS09-024) – This patch fixes a privately disclosed vulnerability in Microsoft Works Converter (used to convert Works documents to Office formats) that allows remote code execution. Users would have to open a malicious Works document in order to be exploited. Gladiator recommends that users apply this patch as soon as possible to all systems with Microsoft Office installed.
- Vulnerability in RPC Could Allow Elevation of Privilege (970238) (MS09-026) – This patch is rated Important by Microsoft. The vulnerable software is included with Windows but is not running in a default installation. Gladiator recommends that users patch all systems affected by this vulnerability during their normal patch maintenance window.
- Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (968537) (MS09-025) – This patch resolves both publicly and privately disclosed vulnerabilities in the Windows Kernel. This patch is rated Important by Microsoft. Gladiator recommends that users apply this patch during their normal patch maintenance window.
- Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483) (MS09-020) – This patch resolves both publicly and privately disclosed vulnerabilities in IIS. This patch is rated Important by Microsoft. Gladiator recommends that users apply this patch immediately for servers running public websites using IIS. Other servers can be patched during their normal patch maintenance window.
- Vulnerability in Windows Search Could Allow Information Disclosure (963093) (MS09-023) – This patch resolves a privately disclosed vulnerability in Windows Search. This patch is rated Moderate by Microsoft. This patch affects an optional component, since Windows Search is not installed by default in Windows XP or Server 2003. Gladiator recommends that users apply this patch during their normal patch maintenance window.
Gladiator recommends that users patch their systems quickly for MS09-018, MS09-022, MS09-019, MS09-027, MS09-021, and MS09-024 as exploit code has either been released or is likely to be released in the near future.
Related Links:
- Microsoft Security Bulletin (http://www.microsoft.com/technet/security/bulletin/ms09-jun.mspx)
- SANS Diary Entry (http://isc.sans.org/diary.html?storyid=6538)