Microsoft has been busy of late, what with the scramble surrounding the Flame malware and the forged certificate that the attackers were able to use to spread the malware via a fake Windows Update service. Now, the company is planning to release seven bulletins next Tuesday covering 28 vulnerabilities in its June Patch Tuesday.
Three of the bulletins Microsoft will release are rated critical, and all of the vulnerabilities they cover can lead to remote code execution. The four other bulletins are rated important, and one of those can result in remote code execution. The seven bulletins will fix flaws in Windows, the .NET Framework, Microsoft Dynamics, Internet Explorer and Visual Basic for Applications.
Microsoft also will be rolling out a change to its Windows Update service in the coming days that is designed to harden the infrastructure and prevent the kind of attack that the Flame authors were able to pull off. That change will involve deploying a new certificate that will be the only one trusted by WU clients, and that certificate will be used only to protect WU files.
Here’s the list of the bulletins:
Bulletin ID | Maximum Severity Rating and Vulnerability Impact | Restart Requirement | Affected Software |
---|---|---|---|
Bulletin 1 | Critical Remote Code Execution | Requires restart | Microsoft Windows |
Bulletin 2 | Critical Remote Code Execution | Requires restart | Microsoft Windows, Internet Explorer |
Bulletin 3 | Critical Remote Code Execution | May require restart | Microsoft Windows, Microsoft .NET Framework |
Bulletin 4 | Important Remote Code Execution | May require restart | Microsoft Office, Microsoft Visual Basic for Applications |
Bulletin 5 | Important Elevation of Privilege | May require restart | Microsoft Dynamics AX |
Bulletin 6 | Important Elevation of Privilege | Requires restart | Microsoft Windows |
Bulletin 7 | Important Elevation of Privilege | Requires restart | Microsoft Windows |