This week Amol and I are here at Black Hat in Las Vegas.
Before getting into this month’s Patch Tuesday, we want to tell you about a new initiative by Microsoft’s security team. Here at the conference, they announced the Blue Hat Prize, which is an eight-month competition to submit new defensive Windows technologies to be included in future Windows versions. First prize is US$ 200,000, which should attract plenty of industry talent and will bring valuable, creative outside approaches to Windows security.
Back to Patch Tuesday: Microsoft today released their preview and we will see 13 security bulletins next week. The update will have patches for end users, server administrators, office users and software developers.
Top priority should be given to a 'critical' bulletin that affects Internet Explorer 6 through 9 on Windows 7, XP, Vista, 2003 and 2008. If left unpatched, attackers could use this vulnerability to remotely take control of victims' systems.
The second 'critical' bulletin affects Windows server operating systems, and server administrators should apply patches immediately, as this vulnerability also leads to remote code execution.
The third remote code execution bulletin only affects the newest Windows 7 and Windows 2008 operating systems and could be a little more difficult to exploit than the other two.
The remaining remote code execution vulnerability is in Microsoft Office Visio. We have seen other Visio vulnerabilities fairly recently and recommend including the software in your regular patching cycle and/or having users who do not use the software remove it from their systems.
We will publish more details on August 9th when the patches are available.