June 2009 Microsoft Security Bulletin Release

Microsoft released ten (10) security bulletins today, of which six are directed to Windows, including two rated critical, three important and one moderate. The remaining are rated critical and affect Internet Explorer, Microsoft Office Word, Microsoft Office Excel and Microsoft Works Converters. Information about the bulletins is included below.

In addition, Security Bulletin MS09-017 was re-released to provide security update packages for Microsoft Office 2004 for Mac, Microsoft Office 2008 for Mac, Open XML File Format Converter for Mac, Microsoft Works 8.5, and Microsoft Works 9. Customers who currently have this software installed need to apply this update immediately.

Note that an update ready for the DirectShow vulnerability discussed in Security Advisory 971778 has not been released. As indicated in the MSRC Blog, the update will be released as soon as the Microsoft security teams are are confident that the update meets the right quality bar.

Also included in the MSRC Blog is information on Security Advisories 969898 and 971888. In addition, the blog post includes a video by Jerry Bryant and Adrian Stone from the Microsoft Security Response Center (MSRC) where they go in to a little more detail on issues customers should be thinking about when considering the deployment of this month’s updates.

June 2009 Security Bulletin Information

Critical:

• MS09-018 - Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)
• MS09-019 - Cumulative Security Update for Internet Explorer (969897)
• MS09-021 - Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462)
• MS09-022 - Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501)
• MS09-024 - Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632)
• MS09-027 - Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (969514)

Important:

• MS09-020 - Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483)
  
• MS09-025 - Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (968537)
• MS09-026 - Vulnerability in RPC Could Allow Elevation of Privilege (970238)

Moderate:

• MS09-023 - Vulnerability in Windows Search Could Allow Information Disclosure (963093)

References:

• MSRC Blog: June 2009 Bulletin Release
• TechNet: Microsoft Security Bulletin Summary for June 2009

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...