All supported versions of Windows will need patching, along with server-side software packages and applications, including the .NET framework and SQL server.
All versions of Excel in Microsoft Office will receive an update on both Windows and Mac OS X platforms, including the most recent releases 2010 and 2011. Internet Explorer is covered by two bulletins that update version 6, 7, 8 and the newest version 9.
Angela Gunn with Trustworthy Computing wrote in a blog that one of the issues being addressed in this month’s update is “cookiejacking,” which allows a attacker to steal cookies from a user’s computer and access websites the user has logged into.
“The Internet Explorer bulletin will address one of the known vectors to the cookie folder. Given the prevalence of other types of social engineering methods in use by criminals, which provide access to much more than cookies, we believe this issue poses lower risk to customers”, Gunn explained.
Who might be behind this cookiejacking – Cookie Monster’s evil twin?
Andrew Storms, director of security operations for nCircle, noted that Patch Tuesday will include a critical Internet Explorer 9 update, the first since the browser shipped in mid-March. “So basically it had a critical bug in it the day it shipped”, he said.
Wolfgang Kandek, chief technology officer at Qualys, commented that "system administrators will need to plan closely as both workstations and servers are affected by the critical bulletins.”
Paul Henry, security and forensic analyst with Lumension, said that, with the current laundry list of fixes, “it is clear that Microsoft is back to its typical practice of being very disruptive on Patch Tuesday. This will be a long hot summer for IT professionals and there is just no room to slow down.”
In addition, many fathers – and mothers – will be burning the midnight oil this weekend.