Microsoft has published its June Advance Notification, giving us insight into what to expect next Tuesday. This release looks relatively small, with only one critical and four important security bulletins, making it the smallest of 2013 yet. But it does patch some of the more widely used and important Windows components.
Bulletin 1 is rated as critical and affects all versions of Internet Explorer on all Windows platforms. If left unpatched, this vulnerability can lead to remote code execution (RCE), which means that an attacker can take control of the victim's computer if the victim browses to a maliciously crafted website using Internet Explorer (IE). Since the browser is a window to the internet, IE users should apply this RCE patch as soon as it is released.
Bulletin 5 affects Microsoft Office 2003 SP3 as well as Office for Mac 2011. As we have discussed earlier, Office is widely deployed, and the attack is usually carried out by sending malicious files via e-mail or hosting them on a compromised website. This vulnerability also allows an attacker to take full control of the victim machine and is classified as an RCE.
Bulletin 2 fixes an information disclosure vulnerability in the 32-bit server and desktop versions of Windows. Windows 7, 8, Vista, XP as well as Server 2003 and 2008 are affected. Systems that are not affected include Windows Server 2008 R2, 2012 and Windows RT.
Bulletin 3 is only a denial-of-service vulnerability, but since it affects server operating systems, including Windows 2008, R2 and 2012, we need to watch whether it can be exploited remotely by sending malicious packets to listening services. We will update you on this next Tuesday when more information is available. Bulletin 4 is an elevation of privilege vulnerability, which implies that an attacker would need valid credentials to exploit this issue and gain higher privileges.
All in all, judging from the cover, June Patch Tuesday does not look very difficult for administrators to patch. However, they should watch the IE issue closely.