Microsoft’s June security update equals record number of vulnerabilities

The number of vulnerabilities patched this month matches the record set in October 2009 when Microsoft released 13 security bulletins dealing with 34 vulnerabilities.

Of the latest set of fixes, 14 are in Microsoft Excel and eight relate to Windows and Internet Explorer (IE). Most of the vulnerabilities put Windows and Office users at risk of full system compromise.

The most critical bulletins this month are MS10-035 for Internet Explorer (IE), MS10-033 for DirectShow, and MS10-038 for Excel in Microsoft Office, said Wolfgang Kandek, chief technology officer at Qualys.

All versions of IE, including IE8 are affected by MS10-035. There aresix vulnerabilities in the update, two critical and it has an overall exploitability index of one, indicating that an exploit is expected within 30 days, he said.

"This month's patches again underline the risk of using the internet unprotected", said Dave Marcus, director of security research and communications at McAfee Labs.

"These vulnerabilities could be exploited to booby-trap websites, Office and Windows Media files to gain control over vulnerable computers simply by tricking victims into opening a malicious file or clicking a malicious link", he said.

McAfee recommends that users install Microsoft's patches as soon as possible, said Marcus.

Microsoft's large number of fixes comes as the Internet threat level is already elevated because of a yet-to-be-patched vulnerability in Adobe Flash Player and Adobe Reader and Acrobat.

Adobe has announced that its security response team is in the process of finalising a fix and the company expects to provide an update for Flash Player 10.x for Windows, Macintosh, and Linux by 10 June 10 (tomorrow).

The patch date for Flash Player 10.x for Solaris is still to be determined.

Adobe expects to provide an update for Adobe Reader and Acrobat 9.3.2 for Windows, Macintosh and UNIX by 29 June.

This story was first published by Computer Weekly

What’s Hot on Infosecurity Magazine?