Microsoft plans to fix 22 bugs across four bulletins in July’s Patch Tuesday release next week.
One bulletin has a maximum severity rating of “critical” and the remaining three are rated “important”, Microsoft said in its Patch Tuesday advance notification. The critical bulletin addresses vulnerabilities that can result in remote code execution attacks against Windows Vista SP1, Vista SP2 and Windows 7.
The critical bulletin and two of the important bulletins address security holes in all supported versions of the Windows operating system, including Windows XP, Server 2003, Vista, Server 2008, Windows 7 and Server 2008 R2.
This month’s Patch Tuesday release is expected on July 12.
Even though it has only a quarter of the bulletins that last month’s update package has, July’s release is “rather disruptive”, as the patches affect the operating system and require a restart, Paul Henry, a security and forensic analyst at Lumension, told eWEEK.
Even so, many companies will have a relatively easier time with the updates because of the “limited exposure” of affected software, so they will not have to install all the patches, Sarwate said.
“Although this is a ‘light’ Patch Tuesday month, it is important to keep an eye out for any non-Microsoft vendors releasing new updates,” said Jason Miller, manager of the research and development team at VMware. For example, Oracle is expected to issue its scheduled quarterly Critical Patch Update on July 19.
Lumension’s Henry agreed with Miller, noting the “constant stream of vulnerabilities” being discovered in mobile devices, including the PDF flaw recently uncovered for iOS devices and the zero-day in Hewlett-Packard’s new TouchPad. Apple said it will roll out a fix for the mobile Safari Web browser in a future update.
“The point here is that Microsoft does not have exclusivity when it comes to issuing patches,” Henry said. Administrators need to stay on top of the updates from all the vendors they work with, he said.
Microsoft is also expected to retire Office XP and Windows Vista Service Pack 1 on July 1, 2012, the company has announced. After this Patch Tuesday, Microsoft will stop issuing security updates for the productivity suite from 2001 and Vista SP1. Office XP was last patched in June’s update.
Vista users can continue getting updates by installing SP2, which was released in May 2009, and mainstream support will be available until April 2012. Office XP users can upgrade to Microsoft Office 2010, or even to Office 2007 Service Pack 2 or Office 2003 Service Pack 3, Microsoft said. Security updates will be available for Office 2007 SP2 and Office 2003 SP3 until April 2017 and April 2014, respectively.
Microsoft generally supports software for 10 years and issues security updates during that entire time period, but security updates are generally available only for the first five years. Updates during the last five years are available only to users who paid for special support contracts.