Microsoft has published its June Advance Notification, giving us insight into what to expect Tuesday June 11. This release is relatively small with only one critical and four important security bulletins making it the smallest of 2013 yet. However, it does patch some of the more widely used and important windows components.
Bulletin 1 is rated critical and affects all versions of Internet Explorer on all Windows platforms. If left unpatched, this vulnerability can cause RCE (remote code execution) which implies that an attacker can take control of the victim computer if the victim browses to a malformed website using Internet Explorer(IE). Since the browser is a window to the internet, IE users should apply this RCE patch as soon as it is released.
Bulletin 2, fixes an information disclosure vulnerability in the server and desktop versions of Windows 32-bit systems. Windows 7, 8, Vista, XP as well as Server 2003 and 2008 are affected. Systems that are not affected include Windows Server 2008 R2, 2012 and Windows RT.
Bulletin 3 is only a denial-of-service vulnerability, but since it affects server operating systems, including Windows 2008, R2 and 2012, we need to watch if it can be exploited remotely by sending malicious packets of data on listening services. We will update you more on this next Tuesday when more information is available. Bulletin 4 is an elevation of privilege vulnerability, which implies that an attacker would need valid credentials to exploit this issue and gain higher privileges.
Bulletin 5 impacts Microsoft Office 2003 SP3 as well as Office for Mac 2011. Microsoft Office has a widely deployed customer base and usually the attack is carried out by sending malicious files via e-mail or hosting them on a compromised website. This vulnerability also allows an attacker to take full control of the victim machine and is classified as an RCE.
| Bulletin ID | Maximum Severity Rating and Vulnerability Impact | Restart Requirement | Affected Software |
|---|---|---|---|
| Bulletin 1 | Critical Remote Code Execution |
Requires restart | Microsoft Windows, Internet Explorer |
| Bulletin 2 | Important Information Disclosure |
Requires restart | Microsoft Windows |
| Bulletin 3 | Important Denial of Service |
Requires restart | Microsoft Windows |
| Bulletin 4 | Important Elevation of Privilege |
Requires restart | Microsoft Windows |
| Bulletin 5 | Important Remote Code Execution |
May require restart | Microsoft Office |
| Windows XP | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Bulletin Identifier | Bulletin 1 | Bulletin 2 | Bulletin 3 | Bulletin 4 | ||||||||||
| Aggregate Severity Rating | Critical | Important | None | None | ||||||||||
| Windows XP Service Pack 3 | Internet Explorer 6 (Critical) Internet Explorer 7 Internet Explorer 8 |
Windows XP Service Pack 3 (Important) |
Not applicable | Not applicable | ||||||||||
| Windows XP Professional x64 Edition Service Pack 2 | Internet Explorer 6 (Critical) Internet Explorer 7 Internet Explorer 8 |
Not applicable | Not applicable | Not applicable | ||||||||||
| Windows Server 2003 | ||||||||||||||
| Bulletin Identifier | Bulletin 1 | Bulletin 2 | Bulletin 3 | Bulletin 4 | ||||||||||
| Aggregate Severity Rating | Moderate | Important | None | None | ||||||||||
| Windows Server 2003 Service Pack 2 | Internet Explorer 6 (Moderate) Internet Explorer 7 Internet Explorer 8 |
Windows Server 2003 Service Pack 2 (Important) |
Not applicable | Not applicable | ||||||||||
| Windows Server 2003 x64 Edition Service Pack 2 | Internet Explorer 6 (Moderate) Internet Explorer 7 Internet Explorer 8 |
Not applicable | Not applicable | Not applicable | ||||||||||
| Windows Server 2003 with SP2 for Itanium-based Systems | Internet Explorer 6 (Moderate) Internet Explorer 7 |
Not applicable | Not applicable | Not applicable | ||||||||||
| Windows Vista | ||||||||||||||
| Bulletin Identifier | Bulletin 1 | Bulletin 2 | Bulletin 3 | Bulletin 4 | ||||||||||
| Aggregate Severity Rating | Critical | Important | Moderate | Important | ||||||||||
| Windows Vista Service Pack 2 | Internet Explorer 7 (Critical) Internet Explorer 8 Internet Explorer 9 |
Windows Vista Service Pack 2 (Important) |
Windows Vista Service Pack 2 (Moderate) |
Windows Vista Service Pack 2 (Important) |
||||||||||
| Windows Vista x64 Edition Service Pack 2 | Internet Explorer 7 (Critical) Internet Explorer 8 Internet Explorer 9 |
Not applicable | Windows Vista x64 Edition Service Pack 2 (Moderate) |
Windows Vista x64 Edition Service Pack 2 (Important) |
||||||||||
| Windows Server 2008 | ||||||||||||||
| Bulletin Identifier | Bulletin 1 | Bulletin 2 | Bulletin 3 | Bulletin 4 | ||||||||||
| Aggregate Severity Rating | Moderate | Important | Moderate | Important | ||||||||||
| Windows Server 2008 for 32-bit Systems Service Pack 2 | Internet Explorer 7 (Moderate) Internet Explorer 8 Internet Explorer 9 |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Important) |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Moderate) |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Important) |
||||||||||
| Windows Server 2008 for x64-based Systems Service Pack 2 | Internet Explorer 7 (Moderate) Internet Explorer 8 Internet Explorer 9 |
Not applicable | Windows Server 2008 for x64-based Systems Service Pack 2 (Moderate) |
Windows Server 2008 for x64-based Systems Service Pack 2 (Important) |
||||||||||
| Windows Server 2008 for Itanium-based Systems Service Pack 2 | Internet Explorer 7 (Moderate) |
Not applicable | Windows Server 2008 for Itanium-based Systems Service Pack 2 (Moderate) |
Windows Server 2008 for Itanium-based Systems Service Pack 2 (Important) |
||||||||||
| Windows 7 | ||||||||||||||
| Bulletin Identifier | Bulletin 1 | Bulletin 2 | Bulletin 3 | Bulletin 4 | ||||||||||
| Aggregate Severity Rating | Critical | Important | Moderate | Important | ||||||||||
| Windows 7 for 32-bit Systems Service Pack 1 | Internet Explorer 8 (Critical) Internet Explorer 9 Internet Explorer 10 |
Windows 7 for 32-bit Systems Service Pack 1 (Important) |
Windows 7 for 32-bit Systems Service Pack 1 (Moderate) |
Windows 7 for 32-bit Systems Service Pack 1 (Important) |
||||||||||
| Windows 7 for x64-based Systems Service Pack 1 | Internet Explorer 8 (Critical) Internet Explorer 9 Internet Explorer 10 |
Not applicable | Windows 7 for x64-based Systems Service Pack 1 (Moderate) |
Windows 7 for x64-based Systems Service Pack 1 (Important) |
||||||||||
| Windows Server 2008 R2 | ||||||||||||||
| Bulletin Identifier | Bulletin 1 | Bulletin 2 | Bulletin 3 | Bulletin 4 | ||||||||||
| Aggregate Severity Rating | Moderate | None | Moderate | Important | ||||||||||
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | Internet Explorer 8 (Moderate) Internet Explorer 9 Internet Explorer 10 |
Not applicable | Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Moderate) |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Important) |
||||||||||
| Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 | Internet Explorer 8 (Moderate) |
Not applicable | Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 (Moderate) |
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 (Important) |
||||||||||
| Windows 8 | ||||||||||||||
| Bulletin Identifier | Bulletin 1 | Bulletin 2 | Bulletin 3 | Bulletin 4 | ||||||||||
| Aggregate Severity Rating | Critical | Important | Important | Important | ||||||||||
| Windows 8 for 32-bit Systems | Internet Explorer 10 (Critical) |
Windows 8 for 32-bit Systems (Important) |
Windows 8 for 32-bit Systems (Important) |
Windows 8 for 32-bit Systems (Important) |
||||||||||
| Windows 8 for 64-bit Systems | Internet Explorer 10 (Critical) |
Not applicable | Windows 8 for 64-bit Systems (Important) |
Windows 8 for 64-bit Systems (Important) |
||||||||||
| Windows Server 2012 | ||||||||||||||
| Bulletin Identifier | Bulletin 1 | Bulletin 2 | Bulletin 3 | Bulletin 4 | ||||||||||
| Aggregate Severity Rating | Moderate | None | Important | Important | ||||||||||
| Windows Server 2012 | Internet Explorer 10 (Moderate) |
Not applicable | Windows Server 2012 (Important) |
Windows Server 2012 (Important) |
||||||||||
| Windows RT | ||||||||||||||
| Bulletin Identifier | Bulletin 1 | Bulletin 2 | Bulletin 3 | Bulletin 4 | ||||||||||
| Aggregate Severity Rating | Critical | None | Important | Important | ||||||||||
| Windows RT | Internet Explorer 10 (Critical) |
Not applicable | Windows RT (Important) |
Windows RT (Important) |
||||||||||
| Server Core installation option | ||||||||||||||
| Bulletin Identifier | Bulletin 1 | Bulletin 2 | Bulletin 3 | Bulletin 4 | ||||||||||
| Aggregate Severity Rating | None | Important | Important | Important | ||||||||||
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | Not applicable | Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) (Important) |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) (Moderate) |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) (Important) |
||||||||||
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | Not applicable | Not applicable | Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) (Moderate) |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) (Important) |
||||||||||
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | Not applicable | Not applicable | Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (Moderate) |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (Important) |
||||||||||
| Windows Server 2012 (Server Core installation) | Not applicable | Not applicable | Windows Server 2012 (Server Core installation) (Important) |
Windows Server 2012 (Server Core installation)
Microsoft Office Suites and Software
|
||||||||||