Microsoft to fix 34 holes in Windows, Office, IE

Patch Tuesday bulletins for June will include fixes for outstanding SharePoint and IE vulnerabilities.

Elinor Mills Former Staff Writer

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.

See full bio

Elinor Mills

June 3, 2010 5:30 p.m. PT

Microsoft will on Tuesday issue 10 bulletins fixing 34 vulnerabilities affecting Windows, Office, and Internet Explorer.

Six of the bulletins affect Windows, with two of those rated critical by Microsoft. Two bulletins target Office, one targets both Windows and Office, and one critical bulletin affects Internet Explorer, according to a Microsoft Security Response Center blog post on Thursday.

Microsoft also said that with the June bulletins it will be closing Security Advisory 983438, which involves a vulnerability in SharePoint Services 3.0 and SharePoint Server 2007 that was disclosed in late April and which could lead to a cross-site scripting attack via the browser. Proof-of-concept exploit code has been published for that.

The bulletins also address Security Advisory 980088, which involves a hole in IE that could allow information disclosure for users running the browser on Windows XP. It was disclosed in February.

"The June release is a large update and will keep system administrators busy, even if they have migrated to Windows 7 already (the end-of-life date for Windows XP SP2 is coming closer and Windows 7 is certainly one of the options to migrate to...)," Wolfgang Kandek, chief technology officer of Qualys, wrote in a blog post.