Patch Tuesday June 2012

It’s Microsoft’s Patch Tuesday for June 2012

Last week Microsoft issued and out of band emergency update. That was done in preparation for this weeks updates. Even just after today’s release, there has been an announcement of another vulnerability from Microsoft not fixed in these patches. Additionally, there are updates for Java with Apple updating Java for it’s OS in a timely manner this time too. Other important updates include an update for iTunes. Finally, I going to stop regular Patch Tuesday posts here – more about that at the bottom of the post.

A quick review of Microsoft’s updates for this Patch Tuesday.

Window Update
This is what Window Update looks like in the start menu

The most important in Microsoft’s patches this month is an Internet Explorer update. It fixes a security bug that Microsoft is currently seeing exploits against. That means every Windows computer needs this patch right away. There several other updates making this an average Patch Tuesday in update number. I am seeing about 10 on XP machines not using Microsoft Office. Restarts were needed.

After releasing today’s patches, Microsoft gave a warning on a new security problem not covered in today release.

There is a security problem with xml files in all version of Windows, Office 2003, Office 2007, and Internet Explorer. It is already being used to infect computers. All you have to do is visit an infected website with Internet Explorer.

This attack is currently in use.

Again, all you have to do is visit a malicious website using Internet Explorer and your computer will get infected. There is no patch yet. Microsoft has issued a Fixit (a temporary fix till a regular patch can be distributed) but I am not linking to it as there can be problems with it and people much better then me seem to be unsure about it.

The best way to avoid this attack is not to use Internet Explorer till a full patch is issued. Use Google Chrome (my favorite) or Firefox.

A Java update was released today too.

Oracle released an update for Java. I don’t know if there are any current attacks against the old versions but why wait to find out? This time Apple has also released an update for Java on the Mac OS. I guess they learned the hard way about waiting to update Java last time.

Apple released an update for iTunes.

There is a issue where a malicious m3u playlist can infect your computer. There is also a problem with Webkit being infected by visiting a malicious website.

Finally, this will be the last time I regularly cover Patch Tuesday at Online IT Guide.

My goal was to encourage people to keep their computers updated each month an let them know how important it is. Unfortunately, I find I am either confusing my target audience (my mom) or they don’t really care enough to pay attention anyways to read it. I get the same calls two weeks later about what the orange icon means. At the same time, more advanced users think I am an idiot for explaining things.

I’ll be trying to focus more on blogging and developing a website. And, if I see something important, I’ll let you know if there is something you need to update. I’ll be looking for Microsoft’s fix for the XML file problem announced today and let you know.