Qualys Blog

www.qualys.com
wkandek

July 2012 Patch Tuesday Preview

Today Microsoft released its Advanced Notification for July 2012 containing nine bulletins addressing 16 vulnerabilities. Three bulletins are rated "critical", affecting members of the Windows operating system family. The remaining bulletins are rated "important" and address flaws in Windows, Office, Sharepoint and Office for the Mac.

Bulletin 1, rated "critical", affects all versions of Windows, and we expect it to address the XML vulnerability disclosed by Microsoft in June’s Patch Tuesday as KB2719615. This bulletin will be the highest priority for users, at least for those who did not apply Microsoft’s FixIt supplied in the advisory. Bulletin 2 is for Internet Explorer (IE), and is a bit of a surprise as it breaks the usual cycle of supplying an update for IE every two months. The bulletin only applies to IE9 and is thus limited to Vista and above. Bulletin 3 is "critical" for all desktop operating systems, XP, Vista and WIndows 7; for all others it is rated only "moderate".

From the remaining bulletins all ranked "important", we recommend paying attention to bulletin 4 which affects all versions of Office for Windows. It is a Remote Code Execution vulnerability and is ranked "important" because it requires the targeted user to open a malicious file. We typically consider "important" bulletins for Office as almost the same severity level as "critical"; after all these document-based attack campaigns are usually quite successful in convincing at least a subset of end users to open the malicious document.

Bulletin 6 is a bit curious. It is for a Remote Code Execution vulnerability and applies to all versions of Windows, but it is rated only "important". It will be interesting to see what kind of mitigating circumstances made Microsoft come to that rating.

Users of the latest version of Microsoft Office for Mac OS X should keep an eye on bulletin 9 and apply it as soon as possible.

Over the last few weeks, Microsoft has also been rolling out the improved version of the Windows Update client, which has improved security measures that will be used for the first time in this month’s update. The changes are related to the Flame malware that came up with a sophisticated certificate collision attack and was able to abuse Microsoft’s update service to infect its targets.

Leave a Reply