For its June 2013 Patch Tuesday update, Microsoft has a fairly light release planned—just five security updates. However, one of those is a critical update for Internet Explorer that addresses many vulnerabilities.
InfoSecurity reported, “There are only five security bulletins from Microsoft this month, but with one involving versions of Internet Explorer from 6 to 10, and another involving an actively exploited Office vulnerability, administrators cannot afford to delay implementation. ‘Just because there are only five bulletins this month,’ warns Ziv Mador, director of security research at Trustwave, ‘doesn’t mean we shouldn’t pay attention to them.’ For forward planning, he notes that four of the five will require system restarts – and the fifth might, depending on what else is installed.”
SC Magazine quoted Paul Henry, security and forensic analyst at Lumension, who said, “It’s a record month for Microsoft this month. With just five bulletins, June marks the lowest number of bulletins we’ve seen from Microsoft to date this year, making it a light month for IT administrators.”
PCWorld’s Tony Bradley observed, “The biggest priority for June will be Bulletin 1: a cumulative update for Internet Explorer—addressing 19 of the 23 issues fixed by Microsoft for Patch Tuesday. ‘Bulletin One is downright scary, a remote code execution on IE on all versions of Windows [running from IE 6 through 10 on various platforms],’ says Ken Pickering, development manager of security intelligence for CORE Security. ‘This one would make it easy to remotely gain access to someone’s machine via a malicious webpage.'”
NetworkWorld quoted Ross Barrett of Rapid7, who said, “The next top issue would be the remote code execution in Office. Since this is listed as only ‘important,’ there are likely significant hurdles to exploitation.”