The IE cumulative June 2006 security update is now available via Windows Update. Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update and I encourage you to upgrade to Microsoft Update if you haven’t already.
This update addresses 8 security issues: 5 remote code execution vulnerabilities, one information disclosure vulnerability, one information disclosure/spoofing vulnerability and one spoofing vulnerability. For more information on the contents of this update, please see:
Microsoft Knowledge Base article: MS06-021 – Cumulative Security Update for Internet Explorer (KB# 916281)
Details on the vulnerabilities and workarounds can be found at http://www.microsoft.com/technet/security/Bulletin/MS06-021.mspx.
This is a “Critical” update and affects all supported IE configurations from IE5.01 to IE6 for XPSP2 and IE6 for Server 2003 Service Pack 1. IE security updates are cumulative and contain all previously released patches for each version of IE. These security updates are already contained in IE7+ in Windows Vista Beta 2.
Also, there is a security update to resolve a remote code execution vulnerability in AOL binaries that shipped with Windows and IE. For more information on the contents of this update, please see:
Microsoft Knowledge Base article: MS06-022 - Vulnerability in ART Image Rendering Could Allow Remote Code Execution (KB# 918439)
Details on the vulnerability and workarounds can be found at http://www.microsoft.com/technet/security/Bulletin/MS06-022.mspx.
I encourage everybody to download this security update and other non-IE security updates via Windows Update or Microsoft Update. Windows users are also strongly encouraged to configure their systems for automatic updates to keep their systems current with the latest patches from Microsoft.
- Charles Watanabe