Nine of the repaired vulnerabilities are rated critical, a severity rating that indicated that attackers can exploit the flaw without any user interaction.
Internet explorer is the most patched Microsoft application. The browser received a total of six plugs, five of which will repair critical vulnerabilities. The application is a prime target for attackers attempting to steal confidential information or recruit a computer for a botnet. It allows users to set up attacks by hosting a specially crafted website that promises content such as free pornographic images.
The remaining critical flaw are spread out over three other Windows components. Two affect the Mail application that is bundled with Windows Vista and could be exploited when a user opens a specially crafted message. One affects the Secure Channel Windows component that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) internet standards in Windows XP.
The final critical vulnerability is found in an undisclosed component of the Win32 application programming interface (API). The technology allows third party applications to interact with the operating system but is also used by Internet Explorer to parse specially crafted web pages. The flaw affects Windows 2000, Windows XP and Windows Server 2003.
The remaining security holes have severity ratings ranging from important to low.
Users can download the update from through the Windows Update or Microsoft Update service.
Full details of Microsoft's June security update are available on the company's TechNet Security Center website.
IE takes center stage in June patch release
By Tom Sanders on Jun 13, 2007 5:37PM