Microsoft to fix dangerous IE, Windows security holes

Summary: A total of 7 security bulletins will be released to address at least 28 documented vulnerabilities in Microsoft Windows, Internet Explorer, Visual Basic for Applications, Dynamics AX, and the .NET Framework.

Microsoft's June batch of security patches will include critical fixes for dangerous security holes in the Windows operating system and the Internet Explorer browser.

According to advance notice from Redmond, a total of 7 security bulletins will be released to address at least 28 documented vulnerabilities in Microsoft Windows, Internet Explorer, Visual Basic for Applications, Dynamics AX, and the .NET Framework.

Three of the 7 bulletins (Windows, IE and .NET) will be rated "critical," Microsoft's highest severity rating.  A critical bulletin addresses flaws that could lead to remote code execution attacks with little or no user interaction.

The other four bulletins will carry an "important" rating and deal with vulnerabilities that could be exploited in code execution and privilege escalation attacks.

This month's patch batch comes on the heels of the decision over the weekend to release an emergency fix to thwart "active attacks" that use unauthorized digital certificates derived from a Microsoft Certificate Authority. This led to sophisticated man-in-the-middle attacks as part of the Flame malware, which has suspected links to nation-state attackers.

For more on the Flame man-in-the-middle attacks, see this blog post by my colleagues at Kaspersky Lab.

The June security updates are scheduled for Tuesday June 12, 2012 at 1:00 PM Eastern. Windows users are urged to pay special attention to all the patches marked "critical."

Topic: Security


Talkback

40 comments
  • Well

    "A total of 7 security bulletins will be released to address at least 28 documented vulnerabilities in Microsoft Windows, Internet Explorer, Visual Basic for Applications, Dynamics AX, and the .NET Framework."

    Exactly how many more than 28 are there? Or is that going to go unanswered? Is it 40, 60 97? This is why Microsoft doesn't deserve any trust. Other companies list the exact number of fixes they are putting out, never a generic number. At least 28 leave too much to speculation. It could be 29, it could be 199...
    Jumpin Jack Flash
    • Well

      Calm down--don't fret the small stuff or that you have no control over. Use another browser if it troubles you so not to have an exact number. Man, if that was all I had to worry about--I wouldn't know what to do!!
      rwayne22
    • Had you really wished an answer (rather than just using ALL opportunities

      to disparage all things MS) ... you might have followed the link, so conveniently, provided by Ryan. Had you done so, you would have seen that MS did indeed provide a detailed list of affected software.
      whatagenda
      • Yet it doesn't state the exact number

        Of holes the patches plug. If the Softies on this site can poke at other OSs patches. Then how about leveling the field, and discuss how many Microsoft is patching? Say Apple patches 39 holes, and ZDNet claims "It's another Monster Patch!", or there are 22 holes patched in a Linux distro, and the resident Softies proclaim "Linux security is like Swiss cheese!" We only know that this month Microsoft will patch between 29 and 99 holes in their various software products. It's about the claim of how transparent Microsoft is, while the others refuse to tell everyone what's going on. It's also fun to rattle the cages of the astroturfers, and get them to scream.... lol
        Jumpin Jack Flash
      • @ Jumpin Jack Flash

        It is an "advance notice". The release notice, as is ALWAYS the case with MS bulletins, will give complete detail. That said, .... if you take off your shoes even you could count the number of patches and the affected software. All you have to do is expand the sections that show, which bulletins affect which software. It even explains which are critical.
        whatagenda
    • Oh ya

      We can tell how biased/anti-Microsoft you are. Conspiracy theory nut?
      Where are you getting your "Other companies list the exact number of fixes they are putting out, never a generic number" from? Link/URL?
      Gisabun
      • Re: Gisabun "We can tell how biased/anti-Microsoft you are. " And yet..

        When ToddBottom3 makes all these off the wall claims, cause he's like the Apple anti-christ, none of you pro-Ms people, other than myself call him out on it? Pot meet kettle!

        TW
        T-Wrench
      • He's dreaming...

        e.g. Linux lists all the packages that are updated, but you are not able to know whether these updates are small bug fixes or critical flaw fixes.
        Criticizing is easy, but it does not always reflect the truth. In this case, MS is doing the best job among all the major OS companies.
        didier.m.rousseau@...
    • No

      There are 28; that's what Microsoft said. Now, if you know of more then why don't you tell them, or tell us here what they are???? The ball is in your court!!
      eargasm
      • Read it again....

        "A total of 7 security bulletins will be released to address [b]at least 28 documented vulnerabilities[/b] in Microsoft Windows, Internet Explorer, Visual Basic for Applications, Dynamics AX, and the .NET Framework"

        Reading Is Fundamental. You might want to read the definition of what "at least 28" means. It literally means "More than 28". It could mean as few as 29 or as many as 29,000,000 (though I doubt Microsoft found 29 million holes).
        Jumpin Jack Flash
      • Oh Jack, I think you've outdone yourself this time

        [i] You might want to read the definition of what "at least 28" means. It literally means "More than 28".[/i]

        Hilarious. Please never stop posting classics like "at least" literally means "more than".

        Hint: "At least 28" is x >= 28. "More than 28" is x > 28. But I know that this math might be too advanced for you.
        toddbottom3
    • Again ZDNet paints what is daily on nix and OS X as HUGE!!!

      nix and OS X get so many security patches compared to windows 7 making this into a blog with the Windows broken graphic is obscene.
      I want an OS that doesn't need patches daily, like any nix or that come in bundles of SUPER or MEGA patches several times a year, waiting way too long in most cases to patch holes that are open to remote exploits. Apple sends fixes with hundreds of security fixes, many critical, and this is news?
      Again, nix is patching new holes all of the time.
      Apple has someone convinced their users that a hole with POC remote exploits, is not really a hole because they are using the most advanced (cough) OS in the world.
      The fact is, the OS sits around with holes that can be compromised remotely and that shows the integrity of the OS right there, not if someone happens to take advantage of the bug. The security by obscurity is suddenly not working out so well for Apple, is it.
      ZDNet, I'll wait for the blogs with the graphics of the Ubuntu or OS X logos getting blown up or smashed, k?
      Please try to have some shred of journalistic integrity.
      xuniL_z
      • OpenBSD

        OpenBSD for you, then.

        But you might reconsider it when you realize how much software you'll have to be without...
        Natanael_L
    • What this means:

      If they fix, say, a buffer overflow, that fixes at least one and possibly other vulnerabilities (perhaps yet undiscovered). Sometimes the impact of fixing a problem is bigger than you realize. They are just covering their bases. You can safely go with 28 known vulnerabilities. You don't know what you don't know. As MS Windows security has steadily been increasing and even being recognized by 'nix fanboys I think you can trust the numbers.
      DevGuy_z
  • Update blues

    Any dialup users finding these continual updates wearying?! I transport our machines by backpack to my workplace's T3 connection. Still, there are large areas of the U.S. where dialup is the only connection mode.
    lwayneb
    • Would you prefer no one fix glitches?

      Apple, MS and Linux (to say nothing of all the third party software providers) ALL issue patches, code is far too complex these days to catch all the gotchas.
      whatagenda
      • Yeah, but they should pay for bandwidth!

        These companies should offer users CDs/DVDs with patched software for free!
        jatbains
    • Don't have dial-up, but I do have

      Satellite, and that satellite plan comes with a data cap of 350 MB /Day. So if you're already doing something else on line, you will have to wait until the next day to perform this patch, or suffer losing service for up to 2 days minimum.

      At least with dial-up, it may be slow, but last time I used it, it was unlimited..

      Thanks...
      TW
      T-Wrench
      • unlimited dialup

        Dialup is available for 9.95USD for month. Checked yesterday because Verizon dsl disconnected me again for about the 7th time in 3 weeks.
        nuzerxe
    • Dial-up & large fixes.

      I sure do find it an issue on these monthly massive ups. 5 months of the year I'm on dial-up as the company shuts down our satellite connection when I am the only person on site at the resort I work at. I usually go into Huntsville (Ontario) and buy supper at McDonalds and sit there for up to 5 hours to download all these big up-dates. I despise McD's but I do appreciate their free Wi-Fi.
      panelshop