Today is the second Tuesday of June, so, in keeping with its usual schedule, Microsoft has released this month’s batch of security bulletins and patches for Windows and related software. This month, there are seven bulletins, for 25 identified vulnerabilities. Five of the bulletins are for Windows and its components; three of these have a maximum severity rating of Critical, and the other two are rated Important. All supported versions of Windows are affected. (For a breakdown of bulletins by severity and Windows version, please see this month’s preview post.)
There is also a bulletin that affects Microsoft Office and Visual Basic for Applications, which is rated Important. [See Update below.] The final Important bulletin affects Microsoft Dynamic AX; this is component of Microsoft’s ERP [Enterprise Resource Planning] software, and will not be relevant to most users.
Further details, and download links, are in the Security Bulletin Summary for June 2012. Microsoft says that two of the patch installations will definitely require a system restart, and the others may require one, depending on the configuration of your system.
The folks at the SANS Internet Storm Center have posted their usual analysis of this month’s patches, along with their severity ratings for client and server systems. They rate one bulletin, MS12-037 for Internet Explorer and components, as “Patch Now“, because active exploits have been reported.
As always, I recommend that you update your systems as soon as you conveniently can.
Update Tuesday, June 12, 22:45 EDT
I missed this on my initial reading of the Security Bulletin Summary. One bulletin, MS12-039, was described in the preview announcement last Thursday as applying to Microsoft Office and Visual Basic for Applications. In the final summary, it is identified as applying to Microsoft Communicator and Lync.; the severity rating is still Important. Mea culpa.