Microsoft has now released their monthly Security Bulletin Summary for June. There are a total of ten updates, corresponding to Security Bulletins MS09-018 through MS09-027. (The Summary has links to the relevant Knowledge Base articles.) Four of the fixes relate to core components of Windows, one to Internet Explorer, three to Microsoft Office components, and one each to IIS and Windows Search. All supported versions of Windows are affected by at least some of the updates; the table in the Summary under Affected Software and Download Locations gives the details.
Six of the vulnerabilities (in Windows, Internet Explorer, and Office) are rated by Microsoft as Critical, the most serious designation. Microsoft reserves this category for vulnerabilities that would allow someone to execute an arbitrary program from a remote location:
A vulnerability whose exploitation could allow the propagation of an Internet worm without user action.
The remaining fixes are rated as Important. (Definitions of the various categories are given here.) Apple Mac users should note that some of the Office updates apply to the Mac versions of MS Office.
The updates should be available through the normal Windows Update mechanism; the Summary contains download links for the stand-alone installation packages, which can be convenient if you have a number of machines to update.
As usual, I recommend that you install the security updates at your earliest convenience. As is often the case, the potential consequences of an attack are more serious if you are running with an administrative account on Windows.
Update 15:30 Tuesday, June 9
The SANS Institute has now posted their evaluation of this month’s updates, broken down into server and desktop categories, along with what is known about active exploits.
Update 12:00 Wednesday, June 10
According to Brian Krebs at the Washington Post, this month sets a new Microsoft record for the number of different security defects fixed in a single month, with 31. Doesn’t that make you feel better? Me neither.