Patch Tuesday: Microsoft to fix one critical Internet Explorer flaw
It looks like June will be a relatively quiet month for security patches, with Microsoft set to dish out just one fix for a "critical" flaw in Internet Explorer.
The software giant said in its latest advanced security bulletin that it has five security vulnerability bulletins, including an Internet Explorer zero-day flaw that is currently being exploited in the wild by hackers and malware writers.
All versions of Internet Explorer 6 and above, including IE10 on Windows 7 and Windows 8 devices — which include Surface and Surface RT tablets — and Windows Server products, will require patching as soon as possible.
The zero-day flaw in Internet Explorer allows a remote code execution attack, in which a hacker can exploit the flaw to install malicious software on an affected computer.
As with all advanced notifications, Microsoft doesn't want to tip off the hackers with exactly what the flaw is, but more details will be released next week after the patches are released.
It comes at a delicate time for Microsoft, which in recent weeks was embroiled in a public rival security street fight with Google. A security expert working at the search giant publicly disclosed the flaw instead of reporting it directly to Microsoft. Instead, he published the vulnerability on a public disclosure list.
It's not clear if the patch for this privilege escalation flaw will make it in to the June round-up of security updates.
The other four bulletins are rated "important," and affect Windows and Office. In all, the 23 individual flaws range from information disclosure, an elevation of user privileges, denial of service attacks, and remote code execution, which can allow malware onto an affected device.
In a rare update, Microsoft will update its Office for Mac 2011 software — the version of the productivity suite for Apple OS X-based machines — with an "important" rated update. The bulletin will also include a patch for Office 2003 (Service Pack 3) for Windows machines.
Microsoft will release its latest round of security updates and patches on June 7, and those will be available on all the usual update channels.