Microsoft fixes 31 flaws in record on Tuesday update

BEIJING, June 10 (Xinhuanet) -- Microsoft issued a record-breaking number of software security updates for its June Patch Tuesday release, fixing a record 31 security flaws in a total of 10 updates, media reports said Wednesday.

Altogether, the patches repaired numerous vulnerabilities in Microsoft Windows 2000, Vista, XP, Windows Server 2003 and 2008, Office and multiple versions of Internet Explorer, including IE8, with six of the 10 patches designated for errors deemed critical.

Critical flaws indicate that the flaw enables hackers to launch malicious code in remote attacks.

One error in the patch load, given the less severe ranking of "important," was found to be exploited in the wild. The glitch occurred in Internet Information Service (IIS) and opened the door for attackers to gain unauthorized access to a Web server in order to view or steal personally identifying and financial information. The attacker could infiltrate a system by sending a malicious HTTP request to a Web site that requires authentication.

Experts said that a worst-case scenario in an IIS exploit would enable a hacker to access user names and passwords for other accounts on the server, which could then be used to launch a malicious attack on the server itself.

Microsoft first disclosed the IIS issue in May, indicating that the company was able to identify the vulnerability and repair it within a matter of weeks.

Microsoft's June security bulletin also contained fixes for critical Office glitches in Microsoft Word and Excel, all of which left systems vulnerable to remote code execution if a user opened a malicious Excel or Word file.