News

Microsoft Prepping 9 Fixes for July's Patch

Microsoft is readying three "critical" bulletins and six "important" items for this month's security update, according to the Microsoft Security Bulletin Advance Notification

According to the bulletin listing, two of the three critical items will deal with Window flaws, while the third will address issues in both Windows and Internet Explorer. All three address remote code execution flaws.

Speaking on today's advanced bulletin announcement, Wolfgang Kandek, CTO of Qualys, Inc., discussed in a blog post why these three bulletins should be given top priority once the patch is released on Tuesday:

"Bulletin 1, rated 'critical,' affects all versions of Windows, and we expect it to address the XML vulnerability disclosed by Microsoft in June's Patch Tuesday as KB2719615," said Kandek. "This bulletin will be the highest priority for users, at least for those who did not apply Microsoft's FixIt supplied in the advisory. Bulletin 2 is for Internet Explorer (IE), and is a bit of a surprise as it breaks the usual cycle of supplying an update for IE every two months. The bulletin only applies to IE9 and is thus limited to Vista and above. Bulletin 3 is 'critical' for all desktop operating systems, XP, Vista and WIndows 7; for all others it is rated only 'moderate.'"

As for the remaining six bulletin items, they will fix a sordid collection of problems in Windows, Office, Microsoft Developer Tools and Microsoft Server Software.     

Along with the nine-bulletin patch release, Microsoft will also be releasing an update for its Windows Malicious Software Removal Tool. However, specific information on this and the bulletin items is not provided to limit the exploitation rate of these issues before Tuesday's release.

Also noteworthy for this month is the new release of Microsoft's Windows Update Agent, which helps to govern installation of monthly security updates and out-of-band fixes. The new version aims to fix the hole that allowed the creators of the Flame malware to certify the worm as authentic Microsoft software.

While the update has been available since mid-June, this will be the first time it will be used for a Monthly rollout. The Windows Update Agent fix can be downloaded here.

Look for more information on July's Security Update once released this Tuesday around 10 a.m. PST.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Malwarebytes Affirms Other APT Attack Methods Used Besides 'Solorigate'

    Security solutions company Malwarebytes affirmed on Monday that alternative methods besides tainted SolarWinds Orion software were used in the recent "Solorigate" advanced persistent threat (APT) attacks.

  • How To Fix the Hyper-V Read Only Disk Problem

    DOS might seem like a relic now, but sometimes it's the only way to fix a problem that Windows seems ill-equipped to deal with -- like this one.

  • Microsoft Warns IT Pros on Windows Netlogon Fix Coming Next Month

    Microsoft on Thursday issued a reminder to organizations to ensure that their systems are properly patched for a "Critical"-rated Windows Netlogon vulnerability before next month's "update Tuesday" patch distribution arrives.

  • Microsoft Nudging Skype for Business Users to Teams

    Microsoft on Thursday announced some perks and prods for Skype for Business unified communications users, with the aim of moving them to the Microsoft Teams collaboration service instead.

comments powered by Disqus