Microsoft Releases Remarkable June 2009 Patch Batch
Software giant Microsoft released a record number of security patches on June 9, 2009, in keeping with its customary release of software updates on a Tuesday of every month. The bulletin fixes a minimum of 31 vulnerabilities in its Windows OS and other software.
As reported, Microsoft has rated over 50% of the now-repaired flaws as "critical," implying that their exploitation could allow an attacker to take over vulnerable systems even in the absence of user interaction.
The company is also alerting users to possible attack code that would be publicly available for exploiting the majority of the security holes for which Microsoft has released the fixes.
Symantec Corp. states that the current security bulletin from Microsoft addresses the highest-ever number of flaws in a single patch release. Incidentally, Microsoft's previous record was set in December 2008, when it released 28 patches in a single go.
It is also reported that Microsoft's June 9, 2009 security bulletin contains 10 updates that patch the numerous bugs, including one that "critically" affects Internet Explorer 8 and that was exploited during a hacking competition in March 2009 at the CanSecWest security conference.
This IE8 bug allows remote code execution because of the way the browser version accesses a device that has been deleted or incorrectly initialized. Consequently, a hacker could abuse the flaw using a malicious web page. A hacker who successfully exploits the flaw may acquire the same privileges as the user logged on at the time. Thus, if that user has administrative rights, the hacker could fully compromise the vulnerable system by exploiting the flaw.
Meanwhile, one more update plugs two security loopholes within Microsoft's IIS (Internet Information Services) Web server application. NCircle, a vulnerability management company, notes that the steps to abuse one of the said IIS holes are already on the net.
Furthermore, the update addresses several flaws within Excel and Word that could allow remote execution of code or compromise of the system. It also fixes a PowerPoint flaw that Microsoft announced in April 2009. This flaw was abused in specific incidents on Windows OS during May 2009.
» SPAMfighter News - 17-06-2009