Microsoft releases three critical security bulletins

Another Patch Tuesday and Microsoft comes out with a variety of patches, and this series is quite serious. Users are recommended to update as soon as possible.

The critical vulnerabilities are in: Windows and Internet Explorer.

Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)
This security update resolves a privately reported vulnerability in the Bluetooth stack in Windows that could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Cumulative Security Update for Internet Explorer (950759)
This security update resolves one privately reported and one publicly disclosed vulnerability. The privately reported vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The publicly disclosed vulnerability could allow information disclosure if a user viewed a specially crafted Web page using Internet Explorer.

Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)
This security update resolves two privately reported vulnerabilities in Microsoft DirectX that could allow remote code execution if a user opens a specially crafted media file. An attacker who successfully exploited either of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft has released an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

If you want more information about these security bulletins do check out the TechNet Webcast that will present a brief overview of the technical details of the June security bulletins followed by an extensive Q&A session that will give you the opportunity to ask questions and get answers from Bill Sisk, Security Response Communications Manager and Adrian Stone, Lead Security Program Manager, Microsoft Corporation.




Share this