Eight critical security patches from Microsoft

Microsoft has released its June 2006 security bulletin, which includes 12 updates; 8 are listed by Microsoft as critical, 2 are moderate, and 2 are important. Four of the critical update bulletins affect all versions of Windows, including a new cumulative update for Internet Explorer. One of the critical updates is specific to Windows 98, 98 SE, and Me editions. Two of the critical updates this month are specific to Microsoft Office. The eight critical patches fix twenty-one individual flaws within Windows and Office products. Given the large number of critical updates this month, if you haven't downloaded recent security patches for your PC, you should do so now. All Microsoft security patches for Windows and Office software are available via Microsoft Update or the individual bulletins detailed below.

MS06-021: Critical

Entitled "Cumulative Security Update for Internet Explorer (916281)," this advisory affects all versions of Windows and all versions of Internet Explorer 5.01 through 6. Exploitation could lead to remote code execution on vulnerable PCs.

MS06-022: Critical

Entitled "Vulnerability in ART Image Rendering Could Allow Remote Code Execution (918439)," this advisory affects all versions of Windows. Exploitation could lead to remote code execution on vulnerable PCs.

MS06-023: Critical

Entitled "Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344)," this advisory affects all versions of Windows. Exploitation could lead to remote code execution on vulnerable PCs.

MS06-024: Critical

Entitled " Vulnerability in Windows Media Player Could Allow Remote Code Execution (917734)" this advisory affects all versions of Windows and all versions of Windows Media Player 7.01 through 10. The advisory does not affect Media Player 6. Exploitation could lead to remote code execution on vulnerable PCs.

MS06-025: Critical

Entitled " Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280)," this advisory affects Windows 2000 SP4 and Windows XP SP1 and SP2. The advisory does not affect Windows 98, 98 SE, or Me. Exploitation could lead to remote code execution on vulnerable PCs.

MS06-026: Critical

Entitled " Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (918547)," this advisory affects Windows 98, 98 SE, and M. This advisory does not affect Windows 2000 SP4 or Windows XP SP1 or SP2. Exploitation could lead to remote code execution on vulnerable PCs.

MS06-027: Critical

Entitled "Vulnerability in Microsoft Word Could Allow Remote Code Execution (917336)," this advisory affects Microsoft Word 2000, 2002, 2003, and Word Viewer 2003. It also affects Microsoft Works Suites versions 2001 through 2006. This advisory does not affect Microsoft Word for Mac. Exploitation could lead to remote code execution on vulnerable PCs.

MS06-028: Critical

Entitled "Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution (916768)," this advisory affects Microsoft PowerPoint 2000, 2002, 2003, and Microsoft PowerPoint for Mac 2004. Exploitation could lead to remote code execution on vulnerable PCs.

MS06-029: Important

Entitled "Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442)," this advisory affects Microsoft Exchange 2000 Server Pack 3 and Microsoft Exchange Server 2003 SP1 and SP2. Exploitation could lead to remote code execution on vulnerable PCs.

MS06-030: Important

Entitled "Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389)," this advisory affects Windows 2000 SP4 and Windows XP SP1 and SP2. This advisory does not affect Windows 98, 98 SE, and Me. Exploitation could allow a remote attacker to elevate user privileges on vulnerable PCs.

MS06-031: Moderate

Entitled "Vulnerability in RPC Mutual Authentication Could Allow Spoofing (917736)," this advisory affects only Windows 2000 SP4. This advisory does not affect Windows 98, 98 SE, Me, or Windows XP SP1 or SP2. Exploitation could allow a remote attacker to spoof a trusted network source.

MS06-032: Moderate

Entitled "Vulnerability in TCP/IP Could Allow Remote Code Execution (917953)," this advisory affects Windows 2000 SP4 and Windows XP SP1 and SP2. This advisory does not affect Windows 98, 98 SE, and Me. Exploitation could lead to remote code execution on vulnerable PCs.