It’s wise to ask what if [insert scary insecurity scenario] happened. But forget about “what if” hypothetical mentality and worst-case cybersecurity scenarios for a minute, Microsoft’s Dustin Childs advised before launching into the reality of the here and now for the critical MS14-035 Internet Explorer patch; it resolves 59 items, including CVE-2014-1770, which was publicly disclosed by HP TippingPoint’s Zero Day Initiative (ZDI) after Microsoft failed to fix the flaw for over 180 days.

Childs wrote:

If we consider the worst-case scenario analogous to a tree falling in the woods, is there a sound if no one is around to hear it? Similarly, does a vulnerability make a sound if it never gets exploited? When we become aware of a potential security issue, we work to fix it regardless of whether or not it is under active attack. In other words, it doesn’t matter if that falling tree makes a noise; we still have an action to take. Why? Because one day in the future, it’s possible what we’re delivering today could get exploited if not addressed. However, we’re not in the future; we’re in the land of the here and now. And while we are in this land, we sometimes confuse theoretical thinking with the actuality of impact to real people.
Until something actually occurs it is still theory; we’re taking the theoretical and making practical updates against future “what ifs.”

Just the same, Wolfgang Kandek, CTO of Qualys, said, “This one is top of the list for you to fix, since all the information has been out there for over two weeks.”

See also: Microsoft knew about Internet Explorer zero-day for 7 months, but didn't patch

Microsoft released one other patch rated critical, MS14-036, to fix more remote code execution (RCE) vulnerabilities, but in Microsoft Graphics Component this time. “This security update resolves two privately reported vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Lync.” The summary states, “The vulnerabilities could allow remote code execution if a user opens a specially crafted file or webpage. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”

In total, the seven patches released in June address 66 Common Vulnerabilities and Exposures (CVEs) for Microsoft Windows, Internet Explorer, and Microsoft Office customers. Both critical rated patches require a restart.

Here are the five other security updates rated as important:

MS14-034 is to fix a privately reported RCE flaw in Microsoft Office. “The vulnerability could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Word. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.”

MS14-030 patches a privately reported vulnerability in Windows remote desktop that could allow tampering. “The vulnerability could allow tampering if an attacker gains access to the same network segment as the targeted system during an active Remote Desktop Protocol (RDP) session, and then sends specially crafted RDP packets to the targeted system.
By default, RDP is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.”

MS14-031 is the only denial-of-service vulnerability patched in June. The vulnerability in Windows was privately reported and “could allow denial of service if an attacker sends a sequence of specially crafted packets to the target system.”

MS14-033 resolves a privately reported vulnerability in Microsoft Windows that “could allow information disclosure if a logged on user visits a specially crafted website that is designed to invoke Microsoft XML Core Services (MSXML) through Internet Explorer. To exploit, an attacker would have to trick a user into visiting his/her website such as via email, IM or a link posted on a social networking site.”

MS14-032 fixes another information disclosure flaw, but in Microsoft Lync Server this time. “The vulnerability could allow information disclosure if a user tries to join a Lync meeting by clicking a specially crafted meeting URL.” The hole was privately reported and the security patch is “rated important for all supported editions of Microsoft Lync Server 2010 and Microsoft Lync Server 2013.”

Don’t expect any updates for Windows XP, but Windows Embedded POSReady 2009 will have patches, as will any devices with the registry hack that tricks Windows Update into delivering security updates. As noted previously, the embedded OS is based on Windows XP Service Pack 3 and will receive patches until April 2019. Seriously, though, if you are still clinging to XP then I’m seriously worried about you. Ditch it now.

As a reminder, Windows 8.1 devices will not receive security updates unless users previously installed the Windows 8.1 Update that Microsoft initially released in April.
If you didn’t install that update and therefore won’t be getting more patches, feel free to play disastrous “what if” cybersecurity scenarios as one may be coming to a device near you soon.

Happy patching!