July 2013 Patch Tuesday Preview

Wolfgang Kandek

Last updated on: October 27, 2022

Today, Microsoft has published the July Advance Notification for next week’s Patch Tuesday. We will get seven bulletins, 6 rated as "critical" and providing Remote Code Execution (RCE) and one bulletin (for Windows Defender on Windows 7) marked "important".

Bulletin 4 is for Internet Explorer and affects all versions from IE6 on Windows XP to IE10 on Windows 8 and RT. This will probably the most important Bulletin to implement, together with Bulletin 3 which addresses vulnerabilities capable of giving RCE to an attacker in Windows, Office and Lync.

Microsoft will also address a vulnerability (CVE-2013-3660) that has been discussed quite a bit since May, when Tavis Ormandy first posted about a possible way of exploiting a memory managment problem in win32k.sys and soon thereafter several implementations became public (including one in Metasploit), making it in essence a 0-day.

All in all, a normally sized Patch Tuesday, but with a large number of critical issues. Stay tuned for our port on next Tuesday, but for time being it seems as if this Patch Tuesday will generate work for both Desktop and Server admins.

Share your Comments

Comments

Your email address will not be published. Required fields are marked *