Microsoft has just issued their advance notification of June patches. There currently are nine critical and seven important updates scheduled to be released on June 14. These bulletins apply to Workstation and Server operating systems, Internet Explorer Web browsers, both Windows and Mac versions of Office applications, SQL server installations, Developer applications including Silverlight and Visual Studio, and Forefront client security applications.
In Summary, with the exceptions identified below, CRITICAL classifications are assigned to bulletins 1-9 and bulletins 10-16 are classified as IMPORTANT.
Workstation Operating Systems – CRITICAL patches
The critical designation is applied to eight of the nine bulletins (bulletin #3 only applies to Forefront 2010 client) for the following Workstation Operating Systems:
- Windows XP (SP2 and SP3)* Bulletin #4 is assigned a classification of IMPORTANT for 64 bit versions of Windows XP – Bulletin #4 is not applicable for 32 bit installs of Windows XP.
- Windows Vista – Bulletin #4 is assigned a classification of CRITICAL for 64 bit versions of Vista – Bulletin #4 is not applicable for 32 bit installs of Windows Vista
- Windows 7 – Bulletin #4 is assigned a classification of CRITICAL for 64 bit versions of Windows 7 – Bulletin #4 is not applicable for 32 bit installs of Windows 7.
Note: Bulletin #5 is assigned a classification of IMPORTANT for Vista and Windows 7.
Server Operating Systems – CRTICAL patches
The critical designation is applied to six of the nine bulletins for the follow Server Operating Systems
- Windows Server 2003 (SP2 for 32, 64 bit and Itanium versions) – Bulletin #4 is assigned a classification of IMPORTANT for 64 bit versions of Windows Server 2003 – Bulletin #4 is not applicable for 32 bit installs of Windows Server 2003.
- Windows Server 2008 (base and SP2 for 32, 64 bit and Itanium versions) – Bulletin #4 is assigned a classification of CRITICAL for all 64 bit versions of Windows. Bulletin #9 is applicable to Internet Explorer version 7 and 8 installations and is assigned a classification of MODERATE for Server 2003 installations.
Note: Windows Server 2008 – Bulletin #4 is not applicable for 32 bit installs of Windows Server 2008. Bulletin #9 is applicable to Internet Explorer version 7 and 8 installations and is assigned a classification of MODERATE for Server 2008 installations.
- Windows Server 2008 R2 (base and SP1 for 64 bit and Itanium versions) – Bulletin #9 is applicable to Internet Explorer version 7 and 8 installations and is assigned a classification of MODERATE for Server 2008R2.
Note: For Server 2008R2, core components of the operating system are affected for the following bulletins: #2, #4, #5, #6 and #7
Note: Bulletin #5 is assigned a classification of IMPORTANT for Windows Server 2008 and 2008R2.
Development Tools – CRITICAL classification
Silverlight 4 – Bulletin #2 is assigned a classification of CRITICAL for Silverlight version 4 installations
Microsoft Security Software – CRITICAL classification
Forefront Treat Management Gateway 2010 – Bulletin #3 is assigned a classification of CRITICAL for all Forefront Threat Management Gateway 2010 installations.
Workstation Operating Systems – IMPORTANT classification
- Windows XP SP2 (64 bit only)- Bulletin #4
- Windows XP SP3 and SP2 (64bit) – Bulletin #10, Bulletin #12
- Windows Vista SP1 and SP2 versions on 32 and 64 bit installations – Bulletin #5 and Bulletin #12
- Windows 7 (base and SP1 versions on 32 and 64 bit installations – Bulletin #10, #12 and #14
Server Operating Systems – IMPORTANT classification
- Windows Server 2003 – (SP2 for 64 bit and Itanium versions) – Bulletin #4
- Windows Server 2003 – (SP2 for 32, 64 bit and Itanium versions) – Bulletin #12
- Windows Server 2008 – (base and SP2 for 32, 64 bit and Itanium installations) – Bulletin #5, #12, #13 (64bit only), #14 and #16.
- Windows Server 2008 R2 – (base and SP1 for 64 bit and Itanium installations) – Bulletin #12, #13, #14 and #16.
Office suites and software versions – IMPORTANT classification
Windows Versions
- Office XP SP3 – Component – Excel 2002 SP3 –Bulletin #11
- Office 2003 SP3 – Component – Excel 2003 SP3 –Bulletin #11
- Office 2007 SP2 – Component – Excel 2007 SP2 –Bulletin #11
- Office 2010 (32 and 64 bit versions) – Component – Excel 2010 –Bulletin #11
Mac Versions
- Office for Mac 2004 – Bulletin #11
- Office for Mac 2008 – Bulletin #11
- Office for Mac 2011 – Bulletin #11
- Open XML file format converter for Mac – Bulletin #11
Office InfoPath
- Microsoft InfoPath 2007 SP2 – Bulletin #15
- Microsoft InfoPath 2010 (32 and 64 bit versions) – Bulletin #15
Other Office software
- Office Excel Viewer- Bulletin #11
- Office Compatibility pack for Word, Excel and Powerpoint 2007 file formats – Bulletin #11
Server Software
- SQL Server 2005 SP3 – Bulletin #15
- SQL Server 2005 SP3 (64 bit) – Bulletin #15
- SQL Server 2005 SP3 (Itanium) – Bulletin #15
- SQL Server 2005 SP4 – Bulletin #15
- SQL Server 2005 SP4 (64 bit) – Bulletin #15
- SQL Server 2005 SP4 (Itanium) – Bulletin #15
- SQL Server 2005 Express Edition Service Pack 3 – Bulletin #15
- SQL Server 2005 Express Edition Service Pack 4 – Bulletin #15
- SQL Server 2005 Express Edition with Advanced Services Service Pack 3 – Bulletin #15
- SQL Server 2005 Express Edition with Advanced Services Service Pack 4 – Bulletin #15
- SQL Server Management Studio Express (SSMSE) 2005 – Bulletin #15
- SQL Server Management Studio Express (SSMSE) 2005 (64 bit) – Bulletin #15
- SQL Server 2008 SP1 (32, 64bit and Itanium) – Bulletin #15
- SQL Server 2008 SP2 (32, 64bit and Itanium) – Bulletin #15
- SQL Server 2008 R2 (32, 64bit and Itanium) – Bulletin #15
Development Software
- Visual Studio 2005 SP1 – Bulletin #15
- Visual Studio 2008 SP1 – Bulletin #15
- Visual Studio 2010 – Bulletin #15
Update June 14
Microsoft has just provided additional details on the June patches. The details are available at – http://blogs.technet.com/b/msrc/archive/2011/06/14/autorun-related-malware-declines-and-the-june-2011-security-bulletin-release.aspx
Four patches (also known as bulletins) are identified as being high priority.
Below is the summary provided by Microsoft of deployment priority.
There are four Critical-level updates that we want to call out as top priorities for our customers in June:
- MS11-042 (DFS). This bulletin resolves two privately reported issues affecting all versions of Windows.
- MS11-043 (SMB Client). This bulletin resolves one privately reported issue affecting all versions of SMB Client on Windows.
- MS11-050 (Internet Explorer). This security bulletin resolves 11 privately reported issues in Internet Explorer.
- MS11-052 (Windows). This bulletin resolves one privately reported issue in Windows and is also Critical.
We recommend that customers apply these and all other updates as soon as possible.
While the png files on the URL above can’t be viewed by clicking (edit – that condition has since been corrected), I am including direct links to them below.
In short, the high criticality vulnerabilities are not known publically (at this time). For that reason, it is not expected that these vulnerabilities will have exploit code released in the near future. However, once the vulnerable pieces of operating system (in this instance, it is more likely Internet Explorer code) are identified, exploits will soon materialize.
It is expected that Workstation installations will be first targeted with malware (in the form of e-mail that directs users to malicious web page content). For that reason, it is recommended that you begin the deployment of patches to Windows workstations as soon as possible. This is especially the case for Windows XP and also for Windows Server 2003 which have a exploitability rating of critical. Additional details are available at – http://www.microsoft.com/technet/security/bulletin/ms11-jun.mspx