News

Six Security Fixes Expected on Patch Tuesday

On Tuesday, Microsoft is planning to roll out six fixes -- three "critical" and three "important" -- in its July security update.

The security issues expected to be addressed in this patch include four remote code execution (RCE) vulnerabilities and two elevation-of-privilege considerations. Affected programs range from Windows operating system components, to servers, to a fix for Microsoft Publisher.

"This is a critical month for Microsoft with published bug reports and attack code in the wild," noted Andrew Storms, director of security at nCircle.

Critical Patches
Critical patch No. 1 will be designed to stave off RCE exploits for all supported Windows OS versions.

The second critical item will be aimed at patching the DirectX multimedia control solution, a favorite complaint of security gadflies. This patch will affect DirectX versions 7.0, 8.1 and 9.0 running on systems using Windows XP, Windows 2000 and Windows Server 2003.

Microsoft has issued other security advisories about ActiveX in recent times. In May, Microsoft began an investigation of a DirectX bug in its DirectShow framework for multimedia files. In June, the company announced it was investigating a potential DirectX bug in Internet Explorer.

The final critical patch will be a Windows OS fix addressing RCE exploits. It's considered "critical" for Windows XP but "moderate" for Windows Server 2003.

Important Patches
First on the "important" list will be a virtualization fix -- something to be seen more often, perhaps. It will be a patch to stop potential elevation-of-privilege attacks in Microsoft Virtual PC 2004 and Microsoft Virtual PC 2007 editions, as well as Microsoft Virtual Server 2005 R2 and Virtual Server 2005 R2 x64.

The next important patch will address Microsoft Internet Security and Acceleration Server 2006. ISA Server provides application-layer firewalling and protects Web servers. The server is being rolled up into Microsoft Forefront Threat Management Gateway, which Redmond calls a "comprehensive secure Web gateway solution" protecting client-side users from Web-based threats.

The third important item deals with 2007 Microsoft Office System Service Pack 1 in general, and Microsoft Office Publisher 2007 Service Pack 1 in particular. It is the rollout's fourth RCE exploit fix.

Depending on which components are included in Tuesday's announcement, July looks to be a reasonably busy month for IT pros. The entire slate of patches may require restarts.

As usual, those interested in nonsecurity updates may want to check out the monthly knowledgebase article. Microsoft has accompanied every security patch release with nonsecurity updates for more than a year now. Those items include a new Malicious Software Removal Tool and spam filter updates. Changes for Vista and Windows Server 2008 are also on tap via Windows Update, Microsoft Update and Windows Server Update Services.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Microsoft In Talks To Acquire TikTok

    A deal between Microsoft and Beijing-based ByteDance is in the works that would have Microsoft acquiring some of ByteDance's holdings in the TikTok social media service.

  • Some Cortana Features Ending as Part of Microsoft 365 Shift

    Microsoft may be promoting Cortana more as a Microsoft 365 business perk, but the digital assistant will soon see several of its capabilities falling out of support.

  • 2020 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss. (Now updated with COVID-19-related event changes.)

  • Tasks in Teams Starts Rolling Out to Some Microsoft 365 Users

    Tasks in Teams, which pulls together information from Microsoft task-creation apps like Planner and To Do, has started rolling out to "a small group" of Microsoft 365 users.

RCP Update

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.