News

Microsoft Readies a Light 4 for July Patch Tuesday

Windows IT pros may be breathing a sigh of relief that the only fireworks in July occurred on a day off for U.S. workers.

Microsoft will only roll out four bulletins for this July's patch update, according to Redmond's advanced notification for its monthly security rollout. Of the four security bulletins one is "critical" and the remaining three have been deemed "important."

The risk considerations are split down the middle in July with two remote code execution (RCE) items and two designed to prevent elevation-of-privilege exploits.

The first (and only) critical item affects Windows 7 and Vista at the operating system level. The next two important elevation-of-privilege items touch every supported Windows OS. They come with a less threatening risk profile because of the requisite administrative access requirement to execute the exploits in question.

The last RCE bulletin in the group of important fixes deals with Visio 2003, which Rapid7 Security Researcher Marcus Carey says will not affect many people outside corporate circles.

"Organizations that are using Visio will need to (patch), and in the meantime should be wary of Visio files sent from unknown sources," Carey said.

All items may require restarts.

All told, security experts should be happy for the light fare as the dog days of summer loom because, if patterns hold, August should be a heavier month.

"Many companies will have limited exposure for the software affected and will be able to take a breather this month. This is a relatively small release as compared to last month's 16 updates and is consistent with the cycle of smaller patches every other month," said Amol Sarwate, Vulnerability Labs Manager for Qualys.

That may also mean there's extra time before the expected August rush for Windows IT admins to check out changes to the Windows Update and Windows Server Update Services in this Knowledge Base article.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Old Stone Wall Graphic

    Microsoft Addressing 36 Vulnerabilities in December Security Patch Release

    Microsoft on Tuesday delivered its December bundle of security patches, which affect Windows, Internet Explorer, Office, Skype for Business, SQL Server and Visual Studio.

  • Microsoft Nudging Out Classic SharePoint Blogs

    So-called "classic" blogs used by SharePoint Online subscribers are on their way toward "retirement," according to Dec. 4 Microsoft Message Center post.

  • Datacenters in Space: OrbitsEdge Partners with HPE

    A Florida-based startup is partnering with Hewlett Packard Enterprise in a deal that gives new meaning to the "edge" in edge computing.

  • Windows 10 Hyper-V vs. Windows Server Hyper-V: Which Platform for Which Workloads?

    The differences between these two Hyper-V versions are pretty significant, depending on what you plan to use them for. Here's a quick rundown of each platform, from their features to licensing quirks to intended use cases.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.