Microsoft June update goes live, fixes four critical flaws

  • Redmond (WA) - Microsoft has posted its latest security bulletin, offering patches for six vulnerabilities, four of which are labeled critical.

    The four critical vulnerabilities all deal with remote code execution.  Almost all of them deal with a vulnerability in Internet Explorer that a hacker could exploit to gain access to an infected remote PC.

    Another flaw deals with Microsoft's e-mail applications, Outlook Express and Windows Mail.  Vista users running Windows Mail, and anyone with Outlook Express could be infected through a specific bug that originates if the user visits a certain website.

    The final critical vulnerability, which deals with Win32 API, can only impact users if an attack is launched locally.  This could elevate user privileges as well as allow remote code execution.

    In addition, there's a patch labeled "important" that would infect users who open a malicious Microsoft Visio file, which would allow the attacker to gain remote access, as well as another local vulnerability that would allow normal users to access administrative passwords and other registry files.

    The update is available now through Windows Update and through Microsoft's security website.