There is a lot going on with Patch Tuesday updates this month, even though with only five updates we have fewer than the usual monthly average of eight. Of the June updates, one is marked as "Critical" and four are rated as "Important." The first (and, ahem, worst) of Microsoft's June Patch Tuesday updates relates to Internet Explorer and covers all versions (6 right up to 10) and all platforms (32-bit, 64-bit and the new RT platforms). Over the past month, I kept an eye on some of the issues tracking IE on the Windows Update/WSUS and security forums, and we have seen a number of issues and problems.
So, with this lone critical update, MS13-047, Microsoft has included six General Distribution Release (GDR) fixes, as well as attempted to resolve at least 19 security flaws. I say "at least" because there appears to be a discrepancy in the number of reported flaws between two online news sources (ZDNet and The Register). I walked through the related Common Vulnerabilities and Exposures (CVE) entries for this patch and counted 19. I counted twice, cut and pasted the results into Excel and checked again: 19. MS13-047 is a major update that replaces two prior updates, MS13-037 and MS13-038, both of which attempted to resolve a number of Critical security flaws in Microsoft's IE.
The next update on the list, MS13-048, is not as serious, either in the scope of the issues or the breadth of the update. However, it is interesting that this security flaw was submitted by Jurczyk of the Google security team. This is a good example of the two technology giants playing nice. Microsoft rates this update as Important and attempts to resolve the following issue:
"(a) Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability" and Elevation of Privilege."
This patch replaces a previous update, MS13-031, that resolved two related security flaws, both rated as Critical. This newest update is rated Important by Microsoft, and it looks like the main security issue has been resolved. Now we are tidying things up a little. Hopefully, this is the last we will hear about this issue.
Another patch rated as Important, MS13-049, attempts to resolve one reported security flaw documented as CVE-2013-3138 and is described as:
"A denial of service vulnerability exists in the way that the Windows TCP/IP driver improperly handles packets during TCP connection. An attacker who successfully exploited this vulnerability could cause the target system to stop responding."
I see a cause for concern here, as I am always a little concerned when Microsoft updates drivers, especially network drivers. In this patch, three files are updated: Netio.sys, Fwpkclnt.sys and Tcpip.sys. The theory is that Microsoft is pretty good at updating drivers and we really should not expect any issues. However, as we said in last month's Patch Tuesday update, some updates do behave badly.
MS13-050 updates a previous patch, MS13-001, which was rated Critical and again referred to a flaw in the Windows Print Spooler. The Common Vulnerabilities and Exposures (CVE) entry describes this particular issue as:
"The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted print job, aka 'Windows Print Spooler Components Vulnerability.'"
We have seen this issue with Microsoft's Print Spooler before and should expect to see another update for it in the next few months. The main compatibility problems organizations will experience are with HP driver and printer control application packages. These types of applications need to be tested prior to this kind of security update.
Another "troublesome" bulletin, coded MS13-051, patches a vulnerability in Microsoft Office 2003 and Office for Mac 2011 that could allow remote code execution if a user either opens a specially crafted Office document using an affected version of Microsoft Office software, or previews or opens a specially crafted email message in Outlook while using Microsoft Word as the e-mail reader. This security flaw is already being exploited in the wild, though on a limited scale. Basically, if you click on an email attachment with this picture format, somebody may be able to take control of your computer. This patch is rated as Important by Microsoft, but I believe that an organization's update and deployment strategy should prioritize this patch, as we have seen again and again just how easy it is to get someone to click on a picture and potentially compromise their network.
Of the five June patches, one will require a restart and the other four "may" require a restart. As usual, it’s best to assume all require a restart to be installed correctly.
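For the driver-update worry above (the three files MS13-049 replaces) and the restart question, here is an added verification script, not part of the original column: it records the version and Authenticode signature status of Netio.sys, Fwpkclnt.sys and Tcpip.sys and reports whether Windows still has a restart pending, so the same run before and after deployment shows whether the new drivers are actually in place. The function names are mine, and it assumes an elevated PowerShell session on Windows.

```powershell
# Added example (not from the article). Function names are hypothetical.
# Assumes an elevated PowerShell session; driver files live under System32\drivers.
$drivers = @('netio.sys', 'fwpkclnt.sys', 'tcpip.sys')   # the files MS13-049 updates

function Get-DriverPatchState {
    param([string[]]$Names)
    foreach ($name in $Names) {
        $path = Join-Path $env:SystemRoot "System32\drivers\$name"
        if (-not (Test-Path $path)) {
            [pscustomobject]@{ File = $name; Present = $false; Version = $null; Signed = $null; Signer = $null }
            continue
        }
        # FileVersion is what changes when a GDR/security build of the driver lands
        $ver = (Get-Item $path).VersionInfo.FileVersion
        # A valid Microsoft signature confirms the binary was not tampered with in transit
        $sig = Get-AuthenticodeSignature -FilePath $path
        [pscustomobject]@{
            File    = $name
            Present = $true
            Version = $ver
            Signed  = ($sig.Status -eq 'Valid')
            Signer  = $sig.SignerCertificate.Subject
        }
    }
}

function Test-PendingReboot {
    # An in-use driver is swapped at next boot via PendingFileRenameOperations;
    # servicing and Windows Update also leave their own "restart required" markers.
    $markers = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    )
    $flagged = $markers | Where-Object { Test-Path $_ }
    $pfro = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' `
        -Name PendingFileRenameOperations -ErrorAction SilentlyContinue
    return [bool]($flagged -or $pfro.PendingFileRenameOperations)
}

$state = Get-DriverPatchState -Names $drivers
$state | Format-Table -AutoSize
"Reboot pending: $(Test-PendingReboot)"
# Save one snapshot per run so pre- and post-patch results can be compared:
$state | Export-Clixml -Path (Join-Path $env:TEMP "driver-state-$(Get-Date -Format yyyyMMdd-HHmm).xml")
```

Compare the two saved snapshots with `Compare-Object` on the Version property; if the versions are unchanged and a reboot is still pending, the driver swap has not happened yet, which matters because the old Tcpip.sys stays loaded until that restart.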
This article is published as part of the IDG Contributor Network.