June '10 Patch Tuesday: 10 bulletins, 34 Vulnerabilities
UPDATE June 9: Details on the 10 security bulletins Microsoft released are available here .
As part of the Patch Tuesday program, Microsoft will roll out 10 security bulletins that address a grand total of 34 security vulnerabilities on the 8th of June. The vulnerabilities in question affect the Windows operating system, the Microsoft Office productivity suite, and the Internet Explorer web browser. An advance notification for the June security bulletin release has been posted online by Microsoft here.
Senior Security Communications Manager Lead with the MSRC (Microsoft Security Response Center), Jerry Bryant provided these additional details:
During the April ’10 Path Tuesday, Microsoft did not address a XSS (cross-site scripting) vulnerability in SharePoint Server 2007 and SharePoint Services 3.0. Last month Microsoft announced it is aware of the vulnerability; the company released Security Advisory 983438 to help customers mitigate the vulnerability. Microsoft said it is not aware of any attacks exploiting this vulnerability in the wild. Still, all customers running SharePoint Server 2007 or SharePoint Services 3.0 should review and apply the mitigations presented in Security Advisory 983438 .
The vulnerability in question could allow Elevation of Privilege (EoP) within the SharePoint site itself. If exploited by a person with malicious intent, the vulnerability could allow that person to run arbitrary script that could result in the elevation of privilege within the SharePoint site.
As a little side note, if you look at this year's Patch Tuesday releases, it’s like looking at a rollercoaster ride. One moth there are numerous bulletins are vulnerabilities, the next month just a few vulnerabilities. Here’s what I am talking about:
See what I am talking about? Up and down and up and down.
As part of the Patch Tuesday program, Microsoft will roll out 10 security bulletins that address a grand total of 34 security vulnerabilities on the 8th of June. The vulnerabilities in question affect the Windows operating system, the Microsoft Office productivity suite, and the Internet Explorer web browser. An advance notification for the June security bulletin release has been posted online by Microsoft here.
Senior Security Communications Manager Lead with the MSRC (Microsoft Security Response Center), Jerry Bryant provided these additional details:
- Six of the bulletins affect Windows; of those, two carry a Critical severity rating and four are rated Important.
- Two bulletins, both with a severity rating of Important, affect Microsoft Office.
- One bulletin, again with a severity rating of Important, affects both Windows and Office.
- One bulletin, with a severity rating of Critical, affects Internet Explorer.
During the April ’10 Path Tuesday, Microsoft did not address a XSS (cross-site scripting) vulnerability in SharePoint Server 2007 and SharePoint Services 3.0. Last month Microsoft announced it is aware of the vulnerability; the company released Security Advisory 983438 to help customers mitigate the vulnerability. Microsoft said it is not aware of any attacks exploiting this vulnerability in the wild. Still, all customers running SharePoint Server 2007 or SharePoint Services 3.0 should review and apply the mitigations presented in Security Advisory 983438 .
The vulnerability in question could allow Elevation of Privilege (EoP) within the SharePoint site itself. If exploited by a person with malicious intent, the vulnerability could allow that person to run arbitrary script that could result in the elevation of privilege within the SharePoint site.
As a little side note, if you look at this year's Patch Tuesday releases, it’s like looking at a rollercoaster ride. One moth there are numerous bulletins are vulnerabilities, the next month just a few vulnerabilities. Here’s what I am talking about:
- In January Microsoft released just 1 security bulletin (6 vulnerabilities).
- In February Microsoft released a grand total of 13 security bulletins (26 vulnerabilities).
- In March Microsoft released only 2 bulletins (8 vulnerabilities).
- In April Microsoft released a total of 11 bulletins (25 vulnerabilities).
- In May Microsoft released just 2 bulletins (2 vulnerabilities).
- In June Microsoft will release a grand total of 10 bulletins (34 vulnerabilities).
See what I am talking about? Up and down and up and down.
