Risk: High
Microsoft's June security bulletin issued 12 vulnerability updates, 8 of which were critical, 3 were important and 1 moderate.
One of the flaws is a zero-day Word vulnerability that has been widely publicised in the media. A maliciously crafted Word attachment permits arbitrary code execution when opened, but so far, exploitation of the vulnerability has only been seen in Japan.
The other critical flaws patched could all allow remote code execution and exist in Internet Explorer, ART Image Rendering, JScript, Windows Media Player, Windows and Powerpoint.
The important updates patched vulnerabilities found in Outlook Web Access and Windows, which could result in remote code execution and user privilege escalation.
The moderately important flaw was only found in Windows 2000 Service Pack 4 and could result in spoofing, if exploited. More information and patches are available from Microsoft's website at http://www.microsoft.com/technet/security/bulletin/ms06-jun.mspx
Just days after Microsoft's advisory was issued, new zero-day Excel flaws started to come to light. They have not yet been addressed in a separate advisory and it is widely believed that Microsoft will wait until its monthly mid-July bulletin is issued to patch the flaws. Microsoft has updated its Windows Live Safety Center to detect the attacks - users should download the update from http://safety.live.com as soon as possible.