Microsoft has released a security bulletin for June 2009 to address three vulnerabilities in Microsoft Windows products, six of them are critical. We strongly suggest applying the patches provided by Microsoft for these vulnerabilities.
Critical
Vulnerabilities in Active Directory Could Allow Remote Code Execution
This security update resolves two privately reported vulnerabilities in implementations of Active Directory on Microsoft Windows 2000 Server and Windows Server 2003, and Active Directory Application Mode (ADAM) when installed on Windows XP Professional and Windows Server 2003.
The patch and additional information are available here.
Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution
This security update resolves three privately reported vulnerabilities in Windows Print Spooler. The most severe vulnerability could allow remote code execution if an affected server received a specially crafted RPC request.
The patch and additional information are available here.
Cumulative Security Update for Internet Explorer
This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.
The patch and additional information are available here.
Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution
This security update resolves two privately reported vulnerabilities that could allow remote code execution if a user opens a specially crafted Word file. An attacker who successfully exploited either vulnerability could take complete control of an affected system.
The patch and additional information are available here.
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution
This security update resolves several privately reported vulnerabilities that could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed record object. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system.
The patch and additional information are available here.
Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution
This security update resolves a privately reported vulnerability in the Microsoft Works converters. The vulnerability could allow remote code execution if a user opens a specially crafted Works file. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user.
The patch and additional information are available here.
Important
Vulnerability in RPC Could Allow Elevation of Privilege
This security update resolves a publicly disclosed vulnerability in the Windows remote procedure call (RPC) facility where the RPC Marshalling Engine does not update its internal state appropriately. The vulnerability could allow an attacker to execute arbitrary code and take complete control of an affected system.
The patch and additional information are available here.
Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
This security update resolves two publicly disclosed and two privately reported vulnerabilities in the Windows kernel that could allow elevation of privilege. An attacker who successfully exploited any of these vulnerabilities could execute arbitrary code and take complete control of an affected system.
The patch and additional information are available here.
Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege
This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in Microsoft Internet Information Services (IIS). The vulnerabilities could allow elevation of privilege if an attacker sent a specially crafted HTTP request to a Web site that requires authentication.
The patch and additional information are available here.
Moderate
Vulnerability in Windows Search Could Allow Information Disclosure
This security update resolves a privately reported vulnerability in Windows Search. The vulnerability could allow information disclosure if a user performs a search that returns a specially crafted file as the first result or if the user previews a specially crafted file from the search results.
The patch and additional information are available here.
Refrences:
