Microsoft Plans To Fix 16 Vulnerabilities With July Patch Release

2012-07-0615:03:10

Chris Brook

threatpost.com

0.974 High

EPSS

Percentile

99.9%

JSON

Microsoft has announced it will issue nine bulletins for its July Patch Tuesday release next week. Included in the update are three critical patches for security holes that, if left unaddressed, could result in remote code execution on vulnerable systems.

In all, the Redmond, Washington company will address 16 vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft Office, and the Server Software and Developer Tools products.The bulk of the releases – six updates – are rated “important” by Microsoft, which suggests they could be used to compromise systems, but not by self-spreading malware. Most deal with elevation of privilege vulnerabilities.

Microsoft hasn’t said what vulnerabilities the patches will address. However, it is possible that at least one of the patches will fix a hole in Microsoft’s XML Core Services. The vulnerability, disclosed in mid-June, allows remote code execution through Internet Explorer and is being actively exploited.

Here’s a rundown of the bulletins:

Bulletin ID |

Maximum Severity Rating and Vulnerability Impact

Microsoft Office,
Microsoft Developer Tools

Microsoft Office,
Microsoft Server Software

Bulletin 9 | Important
Elevation of Privilege | Does not require restart | Microsoft Office

This is the first monthly patch release to use a new and improved version of Windows Update that fixes a vulnerability previously used by the Flame malware. News broke last month that the malware used a forged Microsoft certificate to validate its components, impersonating a Windows Update mechanism and installing malicious code in its place.

As usual, Microsoft will push the patches next Tuesday, July 10, around 1 p.m. EST. Those looking for more information on the updates should read Microsoft’s advance notification on Technet.