Microsoft Prepping 9 Fixes for July's Patch
Microsoft is readying three "critical" bulletins and six "important" items for this month's security update, according to the Microsoft Security Bulletin Advance Notification
According to the bulletin listing, two of the three critical items will deal with Window flaws, while the third will address issues in both Windows and Internet Explorer. All three address remote code execution flaws.
Speaking on today's advanced bulletin announcement, Wolfgang Kandek, CTO of Qualys, Inc., discussed in a blog post why these three bulletins should be given top priority once the patch is released on Tuesday:
"Bulletin 1, rated 'critical,' affects all versions of Windows, and we expect it to address the XML vulnerability disclosed by Microsoft in June's Patch Tuesday as KB2719615," said Kandek. "This bulletin will be the highest priority for users, at least for those who did not apply Microsoft's FixIt supplied in the advisory. Bulletin 2 is for Internet Explorer (IE), and is a bit of a surprise as it breaks the usual cycle of supplying an update for IE every two months. The bulletin only applies to IE9 and is thus limited to Vista and above. Bulletin 3 is 'critical' for all desktop operating systems, XP, Vista and WIndows 7; for all others it is rated only 'moderate.'"
As for the remaining six bulletin items, they will fix a sordid collection of problems in Windows, Office, Microsoft Developer Tools and Microsoft Server Software.
Along with the nine-bulletin patch release, Microsoft will also be releasing an update for its Windows Malicious Software Removal Tool. However, specific information on this and the bulletin items is not provided to limit the exploitation rate of these issues before Tuesday's release.
Also noteworthy for this month is the new release of Microsoft's Windows Update Agent, which helps to govern installation of monthly security updates and out-of-band fixes. The new version aims to fix the hole that allowed the creators of the Flame malware to certify the worm as authentic Microsoft software.
While the update has been available since mid-June, this will be the first time it will be used for a Monthly rollout. The Windows Update Agent fix can be downloaded here.
Look for more information on July's Security Update once released this Tuesday around 10 a.m. PST.