Microsoft releases 7 patches for 10 separate flaws

" title="Microsoft releases 7 patches for 10 separate flaws" />

Microsoft on Tuesday released June's Patch bundle that contains a total seven patches which address about 10 separate vulnerabilities. Of its June rollout of security fixes, Redmond has deemed three "critical," three "important" and one "moderate."

The critical patch contains three critical fixes: dealing with Vulnerability in Bluetooth Stack that could allow remote code execution, Cumulative Security Update for Internet Explorer and Vulnerabilities in DirectX that could allow remote code execution.

Both the DirectX and IE updates address flaws that affect almost all versions of Windows, including Windows 2000, Windows XP, Windows Vista and Windows Server 2003 and 2008 as well as Internet Explorer 7, while the Bluetooth error only affects Windows XP and Vista. All three critical fixes address vulnerabilities that permit hackers to execute code remotely.

The IE bulletin resolves two vulnerabilities, one privately reported and one publicly disclosed. The privately reported vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer, while the publicly disclosed vulnerability could allow information disclosure if a user viewed a specially crafted Web page using Internet Explorer, as the software mammoth described on its Website.

The DirectX security update resolves two privately reported vulnerabilities in Microsoft DirectX that could allow remote code execution if a user opens a specially crafted media file, while the Bluetooth update resolves a privately reported vulnerability in the Bluetooth stack in Windows that could allow hackers to steal information remotely.

Besides three critical patches, the June Patch includes three bulletins that are rated "important", which deal with Vulnerability in WINS that could allow elevation of privilege, Vulnerability in Active Directory (AD) that could allow denial of service and Vulnerabilities in Pragmatic General Multicast (PGM) that could allow denial of service.

The security flaws in PGM and AD could enable a denial-of-service attack, while the error in WINS could allow an attacker to gain elevated user privileges without authorization.

The final patch, rated "moderate," applies to the Kill Bit function in Windows programs, a method by which a user can shut off an ActiveX control in IE. This security update resolves a publicly reported vulnerability for the Microsoft Speech API. According to Microsoft, the flaw could allow remote code execution if a user viewed a specially crafted Web page using IE and has the Speech Recognition feature in Windows enabled.

The release of the bulletins for June 2008 brings the number of security bulletins issued by Microsoft this year to 36.