Microsoft fixes critical flaws in Windows and Internet Explorer

Microsoft is urging users and administrators to update their systems following the release of seven security bulletins for Windows.

The bulletins address a total of 26 unique security vulnerabilities and are posted as part of the company's monthly 'Patch Tuesday' security update programme.

The company made a pair of bulletins for Windows and Internet Explorer (IE) the top installation priorities.

The Windows vulnerability is considered a critical risk for all currently supported versions of Windows and, if targeted, could allow an attacker to remotely execute code on a targeted system. The IE bulletin addresses a total of 13 different vulnerabilities in the browser, including remote code execution flaws.

The third critical bulletin, which addresses a remote code execution flaw in the .NET platform, is being considered a lower deployment priority than the Windows and IE patches. The remaining four updates are all classified by the company as 'important' security updates and are being considered number two and number three deployment priorities.

The June security update comes just one week after Microsoft posted an update to address security holes exploited in the Flame malware attacks.

While experts have expressed concern that the attack methods could be adapted for use in more widespread malware attacks, researchers said that companies remained unlikely to be targeteted by a Flame-like attack. Firms should focus on patching systems to protect against the far more common web exploit kits and attack sites.

"Though Flame has been highly publicised, it is also a highly targeted attack," noted McAfee Threat Intelligence Service manager Jim Walter.

"IT administrators should have that perspective when prioritising their patch rollout, starting with the patch pertaining to Flame that was issued on 3 June."