Microsoft issues latest round of security patches

Microsoft has published a number of 'critical' security patches

Microsoft has released its latest crop of security patches, fixing 31 vulnerabilities in Windows, Office and Internet Explorer.

Six of the 10 bulletins were rated 'critical', while three were given lower classifications of 'important' and a fourth was rated 'moderate'.

Among the critical fixes were patches for Word, Excel and the Windows Active Directory component, all of which could allow an attacker to remotely execute code on a targeted system.

Perhaps the most interesting of the patches, however, addresses several new and previously reported issues in Internet Explorer, including one high-profile flaw.

Steve Manzuik, senior manager of security research at Juniper Networks, said that, while security researchers would be taking special note of a fix for the so-called 'Nills' security vulnerability detected at the CanSecWest conference in March, all users should be looking to install the patch.

"This was more significant from a research point of view," he said. "But as usual, when it comes to Internet Explorer, these are patches that everyone wants to install."

Among the non-critical updates were fixes for privilege elevation holes in the Windows Kernel, Remote Procedure Call component and Internet Information Services software.

The lone 'moderate' patch addresses a flaw in the Windows Search component which could allow for information disclosure.

The June update addresses a much larger range of applications than the May patch release, which focused on security fixes for Microsoft Office.

Experts worry that the sheer volume and range of the patches could be a headache for IT staff who prefer to examine and test fixes prior to installation.

"Microsoft's fixes cover many of its technologies, across various versions of Windows and Office for Mac," said Dave Marcus, director of security research and communications at McAfee Avert Labs.

"Patching will be especially challenging for enterprises, which will need a solid risk management strategy to test and prioritise the fixes to fend off potential attacks."