Microsoft is expected to release three security patches on May 9, the company's regularly-scheduled second-Tuesday patch day. At least two of the three are "critical."
Two affect Windows, while the third will resolve one or more issues in the Microsoft Exchange mail server software.
At the same time, the company will release a refreshed edition of its Windows Malicious Software Removal Tool, and two non-security, high-priority updates via Microsoft Update (MU) and Windows Server Update Services (WSUS).
Microsoft has just posted their security patch builletin for June. As usual all required patches for your PC can be found on Windows Update. Here's a brief summary of the "critical" and "important" level vulnerabilities. (Read more for "moderate" level patches)
MS05-025: Cumulative Security Update for Internet Explorer (883939) Critical Vulnerabilities exist in Internet Explorer, the most sever of these could allow an attacker to take complete control of an affected system.
MS05-026: Vulnerability in HTML Help Could Allow Remote Code Execution (896358) Critical A vulnerability exists in HTML Help that could allow an attacker to take complete control of an affected system.
MS05-027: Vulnerability in SMB Could Allow Remote Code Execution (896422) Critical A vulnerability exists in Windows that could allow an attacker to take complete control of an affected system. An attacker needs to authenticate to be able to exploit this vulnerability.
MS05-028: Vulnerability in Web Client Service May Allow Remote Code Execution (896426) Important A vulnerability exists in the Windows Web Client Service that could allow an attacker to take complete control of an affected system.
MS05-029: Vulnerability in Outlook Web Access for Exchange Server 5.5 Could Allow Cross-Site Scripting Attacks (895179) Important A cross-site scripting vulnerability exists in Outlook Web Access for Microsoft Exchange that could allow an attacker to run a malicious script in Outlook Web Access.
MS05-030: Cumulative Security Update for Outlook Express (897715) Important A vulnerability exists in Outlook Express that could allow an attacker to take complete control of an affected system.
MS05-031: Vulnerability in Microsoft Windows Interactive Training Could Allow Remote Code Execution (898458) Important A vulnerability exists in Windows that could allow an attacker to take complete control of an affected system. Microsoft Windows Interactive Training is not installed by default.
Moderate Threat MS05-032: Vulnerability in Microsoft Agent Could Allow Spoofing (890046) Important A vulnerability exists in Microsoft Agent that could enable an attacker to spoof trusted Internet content. An attacker first have to persuade a user to visit the attacker’s site to attempt to exploit this vulnerability.
MS05-033: Vulnerability in Telnet Client Could Allow Information Disclosure (896428) Important A vulnerability exists in the Windows Telnet Client that could enable an attacker to retrieve unpredictable information from a system.
MS05-034: Cumulative Security Update for ISA Server 2000 (899753) Important Vulnerabilities exist in Microsoft ISA Server 2000 that could allow circumvention of a packet filter and enable an attacker to retrieve unpredictable information from an ISA Server’s cache or from a system behind the ISA server .
A total of 10 Micro$oft security updates will be released on 14 June to fix a variety of flaws in the windows operating system. Some of the updates have been rated as critical June's update involves fixing 10 separate problems with Windows; seven of the fixes are for the Windows operating system, one is for Exchange servers and the final two affect Windows Services for Unix, ISA Server and Small Business Server. Applying some of the patches will mean machines will have to be restarted.