Feeds

Redmond patches 66 flaws on Patch Tuesday

June update also brings Flash and Surface firmware fixes

Top 5 reasons to deploy VMware with Tegile

Microsoft has released updates for critical flaws in Word, Office, and Internet Explorer, along with firmware updates for its Surface 2 tablet line.

Redmond said that the June edition of Patch Tuesday would address a total of 66 common vulnerabilities and exposures (CVE)–class vulns, most of them in Internet Explorer.

In total, the IE bulletin addresses 59 flaws, an unusually large patch load considering Microsoft's monthly update cycle. The update, which applies to all versions of Internet Explorer 8 through 11, includes fixes for remote code execution and elevation of privilege flaws in the browser. The company said that two of the flaws have already been publicly disclosed, and that the update should be considered a top priority for testing and deployment.

The second critical bulletin will address a flaw in the Microsoft Graphics Component which could potentially allow remote code execution by way of a specially crafted webpage or file. The flaw is present in all currently supported versions of Windows, Office, and Lync.

The remaining five bulletins include fixes for elevation of privilege, denial of service, and data tampering flaws in Windows, as well as a remote code execution vulnerability in Office and an information disclosure vulnerability in Lync Server.

Microsoft is also using Patch Tuesday to post a firmware update for its Surface 2 tablets. The update applies to both the ARM-equipped Surface 2 and the x86 Surface 2 Pro, and will include fixes for sleep transition and Surface Cover stability issues, as well as MicroSD compatibility on the Surface 2 Pro. The update will only apply to the Surface 2 line, and not the original Surface and Surface Pro models.

Additionally, the release will mark the end of automatic updates for early versions of Windows 8.1. Users are advised to update their systems with the Windows 8.1 Update release in order to receive software updates from Redmond.

Meanwhile, Adobe has posted a security update for Flash Player on Windows, OS X, and Linux systems. The patch will address six CVE-listed vulnerabilities, including remote code execution flaws in the browser plug-in. ®

Users running Internet Explorer are advised to install the update as soon as possible. Chrome and Android users should automatically receive the update through the browser. ®

Internet Security Threat Report 2014

More from The Register

next story
'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
More alleged private, nude celeb pics appear online
Home Depot ignored staff warnings of security fail laundry list
'Just use cash', former security staffer warns friends
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
BitTorrent's peer-to-peer chat app Bleep goes live as public alpha
A good day for privacy as invisble.im also reveals its approach to untraceable chats
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.