Patch Tuesday – June 2011 – 16 bulletins, 9 critical

June 2011 Deployment priority chartBeing the second Tuesday of the month, once again it is Patch Tuesday. This is the second largest bulletin released by Microsoft in 2011, covering 16 bulletins.

That number could be deceivingly low, though: Microsoft has combined many fixes into indivual bulletins, thus reducing the number of bulletins despite fixing a large number of flaws.

As Microsoft points out in its MSRC blog, this month’s fixes cover 32 critical and important severity vulnerabilities.

In particular Microsoft is drawing attention to four bulletins it has categorized as the highest deployment priority.

  1. MS11-042 DFS – Fixes two privately-reported vulnerabilities in the Distributed File System client. If exploited, attackers could execute arbitrary code on victims’ computers.
  2. MS11-043 SMB Client – Similar to MS11-042, this flaw in the file sharing client in Windows could allow an attacker to remotely execute code on victims’ PCs.

  3. MS11-050 Internet Explorer – Fixes 11 privately disclosed flaws in IE, some of which could result in remote code execution.
  4. MS11-052 Internet Explorer 6,7,8 – Privately disclosed flaws in Microsoft’s implementation of VML could allow remote code execution by simply visiting a malicious web page. IE 9 is not affected.

Other fixes includes patches for OLE, Threat Management Gateway client firewall, .NET, Silverlight, Windows Kernel, Excel, Active Directory, MHTML, Hyper-V, SMB server and XML Editor.

A separate advisory from Microsoft alerts Office for Mac customers that the Office fixes from May that did not ship for Mac users are included in MS11-045, the Excel patch. This makes MS11-045 a high priority update for Mac Office users.

Adobe will be releasing updates for Reader and Acrobat. This is on target with its planned quarterly release cycle and will bring Adobe Reader X clients up to date with all of the latest fixes.

Windows and Mac users can run their check-for-update tools on affected products to apply these fixes.

If you would like to see SophosLabs opinions on this month’s updates, please visit Sophos Knowledgebase article 43444.