Microsoft Plans To Fix 16 Vulnerabilities With July Patch Release

Microsoft has announced it will issue nine bulletins for its July Patch Tuesday release next week. Included in the update are three critical patches for security holes that, if left unaddressed, could result in remote code execution on vulnerable systems.

In all, the Redmond, Washington company will address 16 vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft Office, and the Server Software and Developer Tools products. The bulk of the releases – six updates – are rated “important” by Microsoft, which suggests they could be used to compromise systems, but not by self-spreading malware. Most deal with elevation of privilege vulnerabilities.

Microsoft hasn’t said what vulnerabilities the patches will address. However, it is possible that at least one of the patches will fix a hole in Microsoft’s XML Core Services. The vulnerability, disclosed in mid-June, allows remote code execution through Internet Explorer and is being actively exploited.

Here’s a rundown of the bulletins:

| Bulletin ID | Maximum Severity Rating and Vulnerability Impact | Restart Requirement | Affected Software |
|---|---|---|---|
| Bulletin 1 | Critical, Remote Code Execution | May require restart | Microsoft Windows |
| Bulletin 2 | Critical, Remote Code Execution | Requires restart | Microsoft Windows, Internet Explorer |
| Bulletin 3 | Critical, Remote Code Execution | May require restart | Microsoft Windows |
| Bulletin 4 | Important, Remote Code Execution | May require restart | Microsoft Office, Microsoft Developer Tools |
| Bulletin 5 | Important, Elevation of Privilege | Requires restart | Microsoft Windows |
| Bulletin 6 | Important, Remote Code Execution | Requires restart | Microsoft Windows |
| Bulletin 7 | Important, Information Disclosure | Requires restart | Microsoft Windows |
| Bulletin 8 | Important, Elevation of Privilege | May require restart | Microsoft Office, Microsoft Server Software |
| Bulletin 9 | Important, Elevation of Privilege | Does not require restart | Microsoft Office |

This is the first monthly patch release to use a new and improved version of Windows Update that fixes a vulnerability previously used by the Flame malware. News broke last month that the malware used a forged Microsoft certificate to validate its components, impersonating a Windows Update mechanism and installing malicious code in its place.

As usual, Microsoft will push the patches next Tuesday, July 10, around 1 p.m. EST. Those looking for more information on the updates should read Microsoft’s advance notification on TechNet.
