Microsoft shipped 16 security patches for its June "Patch Tuesday" event today, nine of them rated "critical" on the company's four-tier severity ranking scale.
That's a big jump from May, when Microsoft (NASDAQ: MSFT) shipped only two patches, only one of which was rated critical. However, that single critical patch fixed a hole in Windows Server that was important to security professionals.
Meantime, administrators may see June's patch workload as déjà vu of April's patch release, when Microsoft released 17 patches, nine of them critical.
On June's list, eight of the critical patches affect Windows.
However, of those, Microsoft's security mavens specifically called out four patches as the most important to install immediately, and two of those affect Internet Explorer (IE) specifically.
In fact, one of those two patches provides 11 separate fixes to IE, including fixing holes in every version of IE from the nearly antique version 6.0 up through 9.0 -- the most recent release of Microsoft's browser, running on the most recent release of Windows, version 7.0.
"The first batch of security bulletins that need immediate attention all have Web browsing to a malicious Web site as an attack vector. As this is the number one way to be exploited, these bulletins should be rolled out first," Jason Miller, manager of research and development at security firm Shavlik Technologies, which was recently bought out by VMware, said in an email to InternetNews.com.
Meanwhile, the other two most critical patches affect all supported versions of Windows. However, one of them, which fixes a hole in Microsoft's Distributed File System, is rated critical only for the oldest versions -- Windows XP Service Pack 3 and Windows Server 2003 Service Pack 2 -- while later versions will only crash if attacked, a condition called a "denial of service."
"We recommend that customers apply these and all other updates as soon as possible," Angela Gunn, a spokeswoman for Microsoft's Trustworthy Computing team, said in a post to the Microsoft Security Response Center blog.