Microsoft To Deliver Large Number of Patches for June
Microsoft's June security update rollout will be a hefty 10 patches -- three "critical" and seven "important."
As usual, remote code execution (RCE) exploit considerations rule the day, covering six of the total patches, trailed by three elevation of privilege fixes and a rare tampering risk patch to round out the slate.
"It might be summertime but there's no sunshine expected from Microsoft next Tuesday, as the company warned users today that they'll be releasing ten security bulletins," said Paul Henry Lumension's Security & Forensic Analyst. "The impact will be felt enterprise-wide, with bulletins covering a large portion of Microsoft's range of operating systems and Windows and Office products, so it is strongly suggested that IT administrators plan ahead and prioritize this patch load as soon as possible."
All told, the three critical vulnerabilities affect all Windows operating system versions, including Windows 7.
The first two critical items will be Windows OS patches, touching every supported operating systems, while the third and final critical item appears to be yet another cumulative patch for Internet Explorer, covering IE versions 5.01, 6, 7 and 8 on every Windows operating system currently in circulation.
All the patches deemed important in the June batch of patches will be split between Microsoft Office suite and Windows operating system vulnerabilities.
The first important Windows patch will affect every single OS, and the second important item touches Microsoft Office XP Service Pack 3, Microsoft Office 2003 Service Pack 3, 2007 Microsoft Office System Service Pack 1 and 2007 Microsoft Office System Service Pack 2.
Important patch number three affects every supported OS, followed by important patch four, which is touched by every OS except Windows 2000 and Windows XP.
Patch number five covers Excel on Microsoft Office XP Service Pack 3, Microsoft Office 2003 Service Pack 3, 2007 Microsoft Office System Service Pack 1 and 2007 Microsoft Office System Service Pack 2. Excel on MAC is also covered under this patch.
The sixth important patch will be, what experts say, the most pertinent of the group this month. It is an elevation of privilege patch for Microsoft Windows SharePoint Services 3.0 Service Pack 1 and Microsoft Windows SharePoint Services 3.0 Service Pack 2.
Important patch number six is another Windows patch affecting every OS except Windows 2000 and Windows XP.
The seventh and final important patch is the aforementioned Windows "tampering" patch that will affect every supported OS version.
All ten patches may require a restart.
Adobe Patch Tuesday?
June's Advanced Bulletin comes amid new research from Kaspersky Labs that indicates Adobe as the number one target for hackers in Q1 2010. The report details that Adobe products were the target of nearly half of all detected exploits.
As exploits grow, and Adobe is increasingly considered the most vulnerable third-party application on Windows stacks worldwide, a quarterly patch cycle may not to be often enough.
A post late last week from security blog "The H" quotes Brad Arkin, Adobe's Director of Product Security and Privacy, as saying a monthly rollout schedule is one of the things Adobe is considering in its security evolution.
In that vein, Arkin now says that by the end of 2010, Adobe updates should be "distributed via Microsoft's System Center Updates Publisher (SCUP)." If this is true, Windows IT pros who have Adobe products in their stack would be able to integrate the third-party products a little easier if they use System Center Configuration Manager (SCCM) and System Center Essentials (SCE).
Meanwhile, IT pros looking for non-security updates from Microsoft can find them in this knowledgebase article.
Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.