News

Microsoft’s June patches fix Windows Server 2008 flaws

Ed Scannell

Microsoft this month released some 34 security fixes spread across a range of its core products including Windows Server 2008, Windows Server 2008 R2, Office 2010 and Internet Explorer.

    Requires Free Membership to View

Nine of the vulnerabilities have the maximum severity rating of "critical" with seven rated as "important."  Of the 16 bulletins released, two have to do with denial of service vulnerabilities, two for information disclosure flaws and two others for escalation of privilege.

Thirteen of the 16 bulletins address operating systems, with several of the updates affecting core installations. Among the most critical security fixes affecting Windows include ones to resolve:

  • a vulnerability in Windows Object Linking and Embedding (OLE) automation that could allow remote code execution if users visit a web site containing Windows Metafile images;
  • a vulnerability in .NET and Silverlight that could allow remote execution on a client system if users views a Web page using a browser that runs XAML browser applications;
  • resolves a vulnerability that could allow remote code execution if a user visits a network share containing a OpenType font;
  • a vulnerability in Microsoft's Distributed File System that could allow remote code execution when attackers send a response to a client-initiated  DFS request.

One of the issues Microsoft is addressing with the June updates is "cookiejacking" which allows an attacker to steal cookies from a user’s computer and access websites where an end user had logged in. This issue is being addressed largely in the Internet Explorer (IE) bulletins.

Two of the bulletins classified as critical stitch up holes in Internet Explorer versions 6 through 9, according to Microsoft. One security update for IE resolves 11 reported vulnerabilities, according to the company, the most severe of which could allow a remote attacker to gain the same user rights as the local user.

Another update, for both Internet Explorer and Windows, patches a vulnerability in Microsoft's Vector Markup Language The latter update is deemed critical for Internet Explorer versions 6, 7 and 8 on Windows clients. The company said version 9 is not affected.

You can follow SearchWindowsServer.com on Twitter @WindowsTT.

Let us know what you think about this story; email Ed Scannell at escannell@techtarget.com.

 

 


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: