News

Microsoft To Deliver Large Number of Patches for June

Microsoft's June security update rollout will be a hefty 10 patches -- three "critical" and seven "important."
 
As usual, remote code execution (RCE) exploit considerations rule the day, covering six of the total patches, trailed by three elevation of privilege fixes and a rare tampering risk patch to round out the slate.
 
"It might be summertime but there's no sunshine expected from Microsoft next Tuesday, as the company warned users today that they'll be releasing ten security bulletins," said Paul Henry Lumension's Security & Forensic Analyst. "The impact will be felt enterprise-wide, with bulletins covering a large portion of Microsoft's range of operating systems and Windows and Office products, so it is strongly suggested that IT administrators plan ahead and prioritize this patch load as soon as possible."
 
Critical Patches
 
All told, the three critical vulnerabilities affect all Windows operating system versions, including Windows 7.
 
The first two critical items will be Windows OS patches, touching every supported operating systems, while the third and final critical item appears to be yet another cumulative patch for Internet Explorer, covering IE versions 5.01, 6, 7 and 8 on every Windows operating system currently in circulation.
 
Important Patches
 
All the patches deemed important in the June batch of patches will be split between Microsoft Office suite and Windows operating system vulnerabilities.
 
The first important Windows patch will affect every single OS, and the second important item touches Microsoft Office XP Service Pack 3, Microsoft Office 2003 Service Pack 3, 2007 Microsoft Office System Service Pack 1 and 2007 Microsoft Office System Service Pack 2.
 
Important patch number three affects every supported OS, followed by important patch four, which is touched by every OS except Windows 2000 and Windows XP.
 
Patch number five covers Excel on Microsoft Office XP Service Pack 3, Microsoft Office 2003 Service Pack 3, 2007 Microsoft Office System Service Pack 1 and 2007 Microsoft Office System Service Pack 2. Excel on MAC is also covered under this patch.
 
 
The sixth important patch will be, what experts say, the most pertinent of the group this month. It is an elevation of privilege patch for Microsoft Windows SharePoint Services 3.0 Service Pack 1 and Microsoft Windows SharePoint Services 3.0 Service Pack 2.
 
Important patch number six is another Windows patch affecting every OS except Windows 2000 and Windows XP.
 
The seventh and final important patch is the aforementioned Windows "tampering" patch that will affect every supported OS version.
 
All ten patches may require a restart.
 
Adobe Patch Tuesday?
 
June's Advanced Bulletin comes amid new research from Kaspersky Labs that indicates Adobe as the number one target for hackers in Q1 2010. The report details that Adobe products were the target of nearly half of all detected exploits.
 
As exploits grow, and Adobe is increasingly considered the most vulnerable third-party application on Windows stacks worldwide, a quarterly patch cycle may not to be often enough.

A post late last week from security blog "The H" quotes Brad Arkin, Adobe's Director of Product Security and Privacy, as saying a monthly rollout schedule is one of the things Adobe is considering in its security evolution.

In that vein, Arkin now says that by the end of 2010, Adobe updates should be "distributed via Microsoft's System Center Updates Publisher (SCUP)." If this is true, Windows IT pros who have Adobe products in their stack would be able to integrate the third-party products a little easier if they use System Center Configuration Manager (SCCM) and System Center Essentials (SCE).

Meanwhile, IT pros looking for non-security updates from Microsoft can find them in this knowledgebase article.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Touting Azure for Operators, Microsoft Joins SDN Standards Group

    As part of its Azure for Operators program, Microsoft this week joined a nonprofit standards association that focuses on SDN technologies used by enterprises and service providers.

  • 2020 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss. (Now updated with COVID-19-related event changes.)

  • Pilot Begins of Microsoft Teams-Salesforce CRM Integration

    A new capability that lets Microsoft Teams users access information from the Salesforce.com customer relationship management (CRM) platform debuted this week.

  • The 2020 Microsoft Product Roadmap

    From the next major update to Windows 10 to the next generations of .NET and PowerShell, here's what's on tap from Microsoft this year.