Microsoft Security Patches, June 2010

Microsoft has released its regular monthly Security Bulletin Summary for June, which includes 10 individual security bulletins, which address 30+ underlying vulnerabilities in Windows and its components; three of these bulletins have a Critical severity rating, and the remaining seven are rated Important.   Every supported version of Windows has at least one Critical bulletin; Microsoft Office and SharePoint Server are also affected.  (My preview note has a breakdown of bulletin severity by software version.)   Microsoft rates many of the underlying vulnerabilities as very likely to be exploited.

As usual, I recommend installing these patches as soon as you can conveniently do so.

Update, Tuesday, 8 June, 14:59 EDT

The SANS Internet Storm Center has now posted their summary and evaluation of this month’s patches.   They have rated seven of the ten bulletins as Critical for desktop machines.

Apple Releases Safari Update

Apple has released a new version, 5.0, of its Safari Web browser, which addresses a number of security vulnerabilities, for Mac OS X and Windows.  (Apple also released Safari 4.1 for Mac OS X 10.4 systems, which has fixes for the same security issues.)   Details of the vulnerabilities fixed in this release are here.   You can get the new versions from this download page.

Adobe Status Update

Adobe Systems has updated their Security Advisory, APSA 10-01, to reflect their timetable for issuing a patch for the security vulnerability I posted about Saturday.  A patch for Flash Player is expected within a couple of days; a patch for Acrobat and Adobe Reader is scheduled to be released near the end of this month:

We are in the process of finalizing a fix for the issue, and expect to provide an update for Flash Player 10.x for Windows, Macintosh, and Linux by June 10, 2010. The patch date for Flash Player 10.x for Solaris is still to be determined. We expect to provide an update for Adobe Reader and Acrobat 9.3.2 for Windows, Macintosh and UNIX by June 29, 2010.

The Security Bulletin lists mitigation steps that can be taken until the relevant patches are released.