Microsoft Plans To Fix 16 Vulnerabilities With July Patch Release

Microsoft has announced it will issue nine bulletins for its July Patch Tuesday release next week. Included in the update are three critical patches for security holes that, if left unaddressed, could result in remote code execution on vulnerable systems.

Microsoft has announced it will issue nine bulletins for its July Patch Tuesday release next week. Included in the update are three critical patches for security holes that, if left unaddressed, could result in remote code execution on vulnerable systems.

In all, the Redmond, Washington company will address 16 vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft Office, and the Server Software and Developer Tools products.The bulk of the releases – six updates – are rated “important” by Microsoft, which suggests they could be used to compromise systems, but not by self-spreading malware. Most deal with elevation of privilege vulnerabilities. 

 

Microsoft hasn’t said what vulnerabilities the patches will address. However, it is possible that at least one of the patches will fix a hole in Microsoft’s XML Core Services. The vulnerability, disclosed in mid-June, allows remote code execution through Internet Explorer and is being actively exploited.

Here’s a rundown of the bulletins:

Bulletin ID

Maximum Severity Rating and Vulnerability Impact

Restart Requirement Affected Software
Bulletin 1 Critical 
Remote Code Execution
May require restart Microsoft Windows
Bulletin 2 Critical 
Remote Code Execution
Requires restart Microsoft Windows,
Internet Explorer
Bulletin 3 Critical 
Remote Code Execution
May require restart Microsoft Windows
Bulletin 4 Important 
Remote Code Execution
May require restart

Microsoft Office,
Microsoft Developer Tools

Bulletin 5 Important 
Elevation of Privilege
Requires restart Microsoft Windows
Bulletin 6 Important 
Remote Code Execution
Requires restart Microsoft Windows
Bulletin 7 Important 
Information Disclosure
Requires restart Microsoft Windows
Bulletin 8 Important 
Elevation of Privilege
May require restart

Microsoft Office,
Microsoft Server Software

Bulletin 9 Important 
Elevation of Privilege
Does not require restart Microsoft Office

This is the first monthly patch release to use a new and improved version of Windows Update that fixes a vulnerability previously used by the Flame malware. News broke last month that the malware used a forged Microsoft certificate to validate its components, impersonating a Windows Update mechanism and installing malicious code in its place.

As usual, Microsoft will push the patches next Tuesday, July 10, around 1 p.m. EST. Those looking for more information on the updates should read Microsoft’s advance notification on Technet.

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.