It'll be a light Patch Tuesday this month for users of Microsoft Windows and Microsoft Office.
The software giant will fix five flaws in its software (including Mac software) on Tuesday, June 11 — down from 10 in May and nine in April.
Only one of this month's vulnerabilities is deemed "critical," in that it could let a hacker remotely run malicious code without the legitimate user's knowledge.
However, according to Microsoft's advance June security bulletin, which doesn't disclose many details, that vulnerability apparently affects all currently supported versions of Windows (XP through 8 and the tablet-only RT) and Internet Explorer (6 through 10) — which makes it especially urgent.
Security experts are eager to learn more about that flaw, because Tavis Ormandy, a well-known Google researcher, controversially recently exposed just such a Windows vulnerability and then wrote software to exploit it.
Ormandy feels that Microsoft doesn't move quickly enough to patch flaws unless they're either made public or actively exploited by malicious hackers.
Google's security team recently announced that it would give other software vendors a window of only seven days to patch flaws "under active attack" before making the flaws public. Other software companies feel a week isn't long enough.
Microsoft normally issues Windows and Office security patches on the second Tuesday of every month. For especially critical flaws, usually those actively being exploited, it will issue out-of-cycle updates.
The other four bugs detailed in Microsoft's security bulletin are deemed "important," which Microsoft defines as those that could corrupt or leak user data or could crash applications or the entire system.
One vulnerability affects only the 32-bit versions of Windows XP through 8; two others affect Windows Vista through 8/RT.
The fourth "important" flaw affects Microsoft Office 2003, which was designed for Windows XP, and, interestingly, Microsoft Office for Mac 2011, which was released several years later.
- 13 Security and Privacy Tips for the Truly Paranoid
- Why the NSA's PRISM Program Shouldn't Surprise You
- 10 Best Anti-Virus Products
© 2012 TechNewsDaily