After a relatively quiet May with only two security bulletins, Microsoft comes out with 10 security bulletins in June’s Patch Tuesday release. Three of these were rated “critical,” which means these vulnerabilities could be exploited without the user having to take any action beyond visiting a malicious site. These bulletins cover a total of 34 different vulnerabilities.
Of the 10 security bulletins, seven cover flaws either in Windows itself or in Internet Explorer (IE) while the remaining three fix problems in Microsoft Office. Careful observers will also note that two high-profile vulnerabilities—one in SharePoint and another in IE found at the Black Hat Conference—will both be fixed today. (While the latter was not officially classified as “critical” by Microsoft, it could still be used by would-be attackers to read every file on an affected system.)
Home users should go ahead and run Windows Update from within their systems to download and apply the needed patches as soon as possible. Enterprise users should keep in mind that two of the bulletins note that the relevant patches will require a system restart.
Microsoft wasn’t alone in fixing security holes this week. The new version of Apple’s Safari browser, Safari 5, also fixes numerous security flaws in the browser, many of which could also be used to execute random code. Windows users, as well as those with Leopard and Snow Leopard, will have to upgrade to Safari 5 to plug these holes. Tiger users can upgrade to Safari 4.1, which is Tiger-only.