Four of the promised patches will fix critical vulnerabilities in the Windows operating system or its components. Two of the critical bulletins address flaws in Windows XP, Windows 2000 and Windows Server 2003.
A flaw in versions 5.01, 6 and 7 of the Internet Explorer browser spans all currently supported versions of Windows including Vista. It ranges in severity however. Users of all versions of the browser on all Windows versions including Vista should prepare for a critical update. The flaw only received a severity rating of Moderate for systems running Internet Explorer 7 on Windows Server 2003.
The fourth critical flaw only affects the Mail application that is bundled with Windows Vista. Although the vulnerability occurs on Outlook Express for older Windows versions, the flaw there received a severity rating ranging from important to low.
A security rating of critical typically indicates that attackers can exploit the vulnerabilities without any user interaction.
The two non-critical security holes affect Vista and Visio 2002 and are respectively rated moderate and important.
June marks the first month that Microsoft publishes its expanded advanced security warnings. The previous system only grouped flaws by affected application, but didn't disclose the affected component or version of the operating system.
The Advance Notification Service is designed to allow IT administrators to prepare for upcoming patch releases. The warnings are sent out on the Thursday before each patch release, whihc are scheduled for the second Tuesday of the month.
Microsoft readies four critical June patches
By Tom Sanders on Jun 8, 2007 3:01PM