Microsoft Prepping 9 Fixes for July's Patch -- Redmondmag.com

Microsoft Prepping 9 Fixes for July's Patch

By Chris Paoli
07/05/2012

Microsoft is readying three "critical" bulletins and six "important" items for this month's security update, according to the Microsoft Security Bulletin Advance Notification

According to the bulletin listing, two of the three critical items will deal with Window flaws, while the third will address issues in both Windows and Internet Explorer. All three address remote code execution flaws.

Speaking on today's advanced bulletin announcement, Wolfgang Kandek, CTO of Qualys, Inc., discussed in a blog post why these three bulletins should be given top priority once the patch is released on Tuesday:

"Bulletin 1, rated 'critical,' affects all versions of Windows, and we expect it to address the XML vulnerability disclosed by Microsoft in June's Patch Tuesday as KB2719615," said Kandek. "This bulletin will be the highest priority for users, at least for those who did not apply Microsoft's FixIt supplied in the advisory. Bulletin 2 is for Internet Explorer (IE), and is a bit of a surprise as it breaks the usual cycle of supplying an update for IE every two months. The bulletin only applies to IE9 and is thus limited to Vista and above. Bulletin 3 is 'critical' for all desktop operating systems, XP, Vista and WIndows 7; for all others it is rated only 'moderate.'"

As for the remaining six bulletin items, they will fix a sordid collection of problems in Windows, Office, Microsoft Developer Tools and Microsoft Server Software.

Along with the nine-bulletin patch release, Microsoft will also be releasing an update for its Windows Malicious Software Removal Tool. However, specific information on this and the bulletin items is not provided to limit the exploitation rate of these issues before Tuesday's release.

Also noteworthy for this month is the new release of Microsoft's Windows Update Agent, which helps to govern installation of monthly security updates and out-of-band fixes. The new version aims to fix the hole that allowed the creators of the Flame malware to certify the worm as authentic Microsoft software.

While the update has been available since mid-June, this will be the first time it will be used for a Monthly rollout. The Windows Update Agent fix can be downloaded here.

Look for more information on July's Security Update once released this Tuesday around 10 a.m. PST.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

Featured

Real-World Ransomware Recovery

Here's how I was (mostly) successful in recovering a family PC infected with malware.
Microsoft Launches Small AI Models Family Phi-3

Recognizing that bigger isn't always better, Microsoft has released its smallest open AI models to date, Phi-3.
Microsoft and OpenAI Continue Global AI Expansions

Microsoft and OpenAI each continued their global expansion this month, with the announcements of new infrastructure investments and service rollouts in new regions, like Asia and the Middle East.
Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.
What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.