Microsoft's June monthly security update will keep
IT administrators very busy this week, with 10 updates covering 31
vulnerabilities.
This is the largest number of vulnerabilities to be covered in a
single update since Microsoft began its monthly patch cycle in
2003.
The update is a challenge to IT administrators because in
addition to the high number of vulnerabilities, it covers a broad
range of products, said Dave Marcus of security firm McAfee.
"Businesses will need a solid risk management strategy to test
and prioritise the fixes," he said.
Urgent action required
Most security firms are advising IT administrators to install
the updates as soon as possible, but have rated the Active
Directory and Internet Explorer patches as the most urgent.
Seventeen of the issues are rated "critical" and affect Office,
Print Spooler, Excel, Word, Internet Explorer and Active
Directory.
The more severe of the two Active Directory issues can be
exploited remotely to gain complete access to a vulnerable
computer, security firm Symantec said in a
blog posting.
Wolfgang Kandek, CTO at IT risk assessment firm Qualys, said
patching Active Directory is one of the most important things for
IT administrators to do. "Active Directory is a critical
infrastructure for most companies."
In most cases, the remaining "critical" issues are triggered by
user interaction, such as visiting a website containing malicious
content or opening a malicious file.
Malware infection through legitimate websites remains one of the
most popular attack methods, said Symantec's John Harrison.
Patches for Internet Explorer should also be a priority,
according to most security firms. Even IE8, released in March, was
included, although there was only one update compared with seven
for IE7.
"Organisations should update to IE8 because this will make them
less vulnerable," said Kandek.
Security update
Although Microsoft's advance notification made no mention of
PowerPoint fixes for the Mac operating system, they were included in
the update. Last month, Microsoft issued fixes for the Windows
versions, but said Mac users would have to wait for the patch to be
completed.
The update also included a patch for the
Internet Information Server (IIS) flaw reported by Microsoft
last month, but not included in the advance bulletin.
Security updates from
Adobe for its Reader product will add to IT administrators'
workloads this week.