Microsoft said it will deliver 10 security updates this Tuesday, June 8, 2010 to patch a record-tying 34 vulnerabilities in Windows, Internet Explorer, Office and SharePoint. The patches will also quash two bugs that Microsoft acknowledged in February and April. This is a Microsoft gigantic patch that we recommend to all clients that they download and install.
Tuesday’s updates will be huge and will be released at approximately 1 p.m. ET on June 8th! Although the 10 updates fall short of the record of 13 — first set in October 2009, then repeated in February 2010 — Microsoft will fix a total of 34 vulnerabilities, the same number as the current record, also set last October.Microsoft has been shipping alternating large and small batches of fixes, with the larger-sized updates landing in even-numbered months. In May, for example, the company issued just two bulletins that patched two vulnerabilities. April’s update collection, meanwhile, amounted to 11 bulletins that fixed 25 flaws.Of the 10 updates, Microsoft labeled three as “critical,” the highest threat ranking in the company’s four-step system.
The seven remaining patches have been pegged as “important,” the next step down from critical. Two of the three critical updates will address issues in Windows, while the third will tackle Internet Explorer (IE).All six updates affecting Windows will impact Microsoft’s newest operating system, Windows 7. And with one exception — Windows 2000 and Windows XP will not need Bulletin 9 — all currently-supported versions of Windows will require all the patches.The IE update applies to IE6, IE7 and IE8, and was ranked critical for all three versions for Windows XP, Windows Vista and Windows 7. However, the oldest still-supported version of the browser — IE 5.01 on Windows 2000 — is not affected by the flaw(s).
Another update will patch one or more vulnerabilities in Excel 2002, 2003 and 2007 on Windows, and Excel 2004 and 2008 on the Mac.
Other updates will close out a pair of flaws that Microsoft confirmed in two earlier security advisories. The oldest warning was issued in February, and noted that hackers could exploit IE on Windows XP to read every file on a victim’s PC. That fix will presumably be one of several included in the IE update.
Microsoft will also patch a problem in SharePoint Server 2007 that it publicized in April. The zero-day bug could be used by attackers to steal companies’ confidential information.
Tuesday’s updates will be the second-to-last for Windows 2000 and Windows XP Service Pack 2 (SP2), both which will be retired from security support in mid-July.
Orignal Story By Gregg Keizer; ComputerWorld; June 3, 2010 03:21 PM ET