Microsoft plans to release a relatively light patch load for its upcoming Patch Tuesday on July 12, issuing four security updates, only one of which is deemed critical.
In its impending July patch, Redmond is giving highest priority to a critical flaw in Windows Vista and Windows 7 that enables remote code execution, according to Microsoft’s advance notification bulletin, released Thursday. During remote code execution attacks, miscreants can exploit vulnerabilities remotely to distribute malicious code that takes complete control of affected PCs with little or no user intervention.
The remaining three bulletins, designated with the slightly less severe ranking of “important,” address security holes in Windows and Microsoft Office. One of the “important” updates will repair a flaw found in Visio 2003 SP3 that also allows hackers to carry out remote code execution attacks. The other two bulletins plug security holes affecting Windows 7, Vista, XP and Server 2008, which could give intruders elevated user privileges if exploited.
Security experts say that Microsoft’s light July patch is consistent with the company’s pattern of alternating between heavy and light updates every month. The company released a massive Patch Tuesday bulletin in June, repairing a total of 24 vulnerabilities in 16 bulletins.
“Many companies will be able to take a breather this month as this is a relatively small release as compared to last month's 16 updates and is consistent with the cycle of smaller patches every other month,” said Amol Sarwate, vulnerability labs manager for Qualys, in an e-mail.
However, Paul Henry, security and forensic analyst at Lumension, warned that the Windows and Office patches would affect a significant swath of users and likely be cumbersome to install.
“While this Patch Tuesday may appear insignificant with just four patches, the reality is that it will be rather disruptive, as all the patches impact Windows and Office and require a restart,” he said.