More critical Microsoft updates, even for Vista

Stephen Withers
Wednesday, 10 June 2009 05:43

Business IT - Security

June's Patch Tuesday release from Microsoft addresses more vulnerabilities than there are days in the month. And this time, Mac users needn't feel left out.

As expected, June's Patch Tuesday saw 10 new security bulletins from Microsoft, covering 31 vulnerabilities.

Seven of the bulletins relate to Windows itself.

Active Directory problems can lead to remote code execution on Windows 2000 and allow denial of service attacks on XP and Server 2003. Server 2008 is unaffected.

Multiple vulnerabilities exist in Internet Explorer, and all but one allow remote code execution. The exception is an information disclosure vulnerability in IE6 on Windows 2000. There is at least one Critical vulnerability for each of Internet Explorer 5, 6, 7 and 8, even when running under Vista. Others are rated Important or Moderate.

According to Andrew Storms, director of security operations for nCircle, "every user should put this patch at the top of their 'install immediately' list."

The IIS issues revolve around the use of maliciously crafted anonymous HTTP requests to gain WebDAV access without authentication. The problems are regarded as Important on Windows 2000, XP, and Server 2003. Vista and Server 2008 are not affected.

There's a lot more to be patched this month, so please read on.