Microsoft to fix dangerous IE, Windows security holes

A total of 7 security bulletins will be released to address at least 28 documented vulnerabilities in Microsoft Windows, Internet Explorer, Visual Basic for Applications, Dynamics AX, and the .NET Framework.

Microsoft's June batch of security patches will include critical fixes for dangerous security holes in the Windows operating system and the Internet Explorer browser.

According to advance notice from Redmond, a total of 7 security bulletins will be released to address at least 28 documented vulnerabilities in Microsoft Windows, Internet Explorer, Visual Basic for Applications, Dynamics AX, and the .NET Framework.

follow Ryan Naraine on twitter

Three of the 7 bulletins (Windows, IE and .NET) will be rated "critical," Microsoft's highest severity rating.  A critical bulletin addresses flaws that could lead to remote code execution attacks with little or no user interaction.

The other four bulletins will carry an "important" rating and deals with vulnerabilities that could be exploited in code execution and privilege escalation attacks.

This month's patch batch comes on the heels of the decision over the weekend to release an emergency fix to thwart "active attacks" that use unauthorized digital certificates derived from a Microsoft Certificate Authority. This led to sophisticated man-in-the-middle attacks as part of the Flame malware which has suspected links to nation-state attackers.

For more on the Flame man-in-the-middle attacks, see his blog post by my colleagues at Kaspersky Lab.

The June security updates are scheduled for Tuesday June 12, 2012 at 1:00 PM Eastern.   Windows users are urged to pay special attention to all the patches marked "critical."