Microsoft has released security updates repairing 15 security vulnerabilities in Windows and bundled products.
Nine of the repaired vulnerabilities are rated 'critical', indicating that attackers can exploit the flaw without any user interaction.
Internet Explorer is the most patched Microsoft application in the June release. The browser received six plugs, five of which will repair 'critical' vulnerabilities.
The application is a prime target for attackers attempting to steal confidential information or recruit a computer for a botnet.
The flaws could allow malicious users to set up attacks by hosting a specially crafted website that promises content such as free pornographic images.
The remaining 'critical' flaws are spread over three other Windows components. Two affect the Mail application bundled with Windows Vista and could be exploited when a user opens a specially crafted message.
One affects the Secure Channel Windows component that implements the Secure Sockets Layer and Transport Layer Security internet standards in Windows XP.
The final 'critical' vulnerability is in an undisclosed component of the Win32 application programming interface.
The technology allows third-party applications to interact with the operating system but is also used by Internet Explorer to parse specially crafted web pages. The flaw affects Windows 2000, XP and Server 2003.
The remaining security holes have severity ratings ranging from 'important' to 'low'. Users can download the update from Windows Update or Microsoft Update Services.
Full details of Microsoft's June security update are available on the TechNet Security Center website.
Microsoft issues 15 security updates
By Tom Sanders on Jun 14, 2007 11:35AM