News

Microsoft Prepping 9 Fixes for July's Patch

Microsoft is readying three "critical" bulletins and six "important" items for this month's security update, according to the Microsoft Security Bulletin Advance Notification

According to the bulletin listing, two of the three critical items will deal with Window flaws, while the third will address issues in both Windows and Internet Explorer. All three address remote code execution flaws.

Speaking on today's advanced bulletin announcement, Wolfgang Kandek, CTO of Qualys, Inc., discussed in a blog post why these three bulletins should be given top priority once the patch is released on Tuesday:

"Bulletin 1, rated 'critical,' affects all versions of Windows, and we expect it to address the XML vulnerability disclosed by Microsoft in June's Patch Tuesday as KB2719615," said Kandek. "This bulletin will be the highest priority for users, at least for those who did not apply Microsoft's FixIt supplied in the advisory. Bulletin 2 is for Internet Explorer (IE), and is a bit of a surprise as it breaks the usual cycle of supplying an update for IE every two months. The bulletin only applies to IE9 and is thus limited to Vista and above. Bulletin 3 is 'critical' for all desktop operating systems, XP, Vista and WIndows 7; for all others it is rated only 'moderate.'"

As for the remaining six bulletin items, they will fix a sordid collection of problems in Windows, Office, Microsoft Developer Tools and Microsoft Server Software.     

Along with the nine-bulletin patch release, Microsoft will also be releasing an update for its Windows Malicious Software Removal Tool. However, specific information on this and the bulletin items is not provided to limit the exploitation rate of these issues before Tuesday's release.

Also noteworthy for this month is the new release of Microsoft's Windows Update Agent, which helps to govern installation of monthly security updates and out-of-band fixes. The new version aims to fix the hole that allowed the creators of the Flame malware to certify the worm as authentic Microsoft software.

While the update has been available since mid-June, this will be the first time it will be used for a Monthly rollout. The Windows Update Agent fix can be downloaded here.

Look for more information on July's Security Update once released this Tuesday around 10 a.m. PST.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Microsoft Outlines Steps for Bringing Classic Alert Rules into Azure Monitor

    Microsoft described how to modernize so-called "classic" alert rules to work with the new Azure Monitor service in a Thursday Azure announcement.

  • Microsoft Issues Windows Server HTTP/2 Attack Advisory

    Microsoft issued Security Advisory ADV190005 on Wednesday concerning a potential HTTP/2 settings issue for users of Internet Information Services (IIS) on Windows Server.

  • Performing a Storage Refresh on Windows Server 2016, Part 2

    Earlier, Brien walked through the steps of preparing a physical Windows Server 2016 machine for a storage refresh. Now, he shows how to complete the process, all the way to OS restoration.

  • New Office App Coming to Windows 10 Users

    Microsoft is delivering a new Office app for Windows 10 consumer and business users over the new few weeks, according to a Wednesday announcement.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.