Texas A&M AgriLife IT Security
Texas A&M AgriLife IT SecurityLatest IT news & tips to keep your computer safe

Advance notification of Microsoft patches to be released on July 12.

by

Microsoft has just published their advance notification of the patches scheduled to be released on July 12.   The advance notification can be viewed at – http://www.microsoft.com/technet/security/bulletin/ms11-jul.mspx All indications are July should be a very light month for Windows Operating System and Office suite patches.  Only one CRITICAL patch (for Windows Vista and Windows 7) is scheduled to be released.  Three patches designated as IMPORTANT, are also scheduled to be released. The IMPORTANT patches apply to all currently supported Workstation and Server operating systems (bulletins #2 and #3) and in the case of bulletin #4, Microsoft Visio 2003 SP3. These include the following installations:

Workstation Versions

  • Windows XP SP2 (32bit)
  • Windows XP SP2 (64 bit)
  • Windows Vista SP1 and SP2 (32 and 64 bit)
  • Windows 7 base and SP1 (32 and 64 bit)

 

Server Versions

  • Windows Server 2003 SP2 (32, 64 bit and Itanium versions)
  • Widows Server 2008 base and SP2 (32, 64 bit and Itanium versions)
  • Windows Server 2008R2  base and SP1 (64 bit and Itanium versions)

As the one CRITICAL patch applies to a remote code execution vulnerability, it should probably be applied to workstations as soon as possible.  However, that recommendation is contingent on exploit code for the vulnerability already having being made public or if it has only been released privately to Microsoft.   The specifics of the public/private aspect of this vulnerability will not be known until Tuesday, July 12.

One security publication (http://threatpost.com/en_us/blogs/microsoft-patch-22-flaws-july-patch-tuesday-070711 ) has indicated that 22 flaws are scheduled to be patched by Microsoft.

NOTE: The CRITICAL patch is not applicable for Windows XP, Windows Server 2003, Server 2008 and Server 2008R2 Operating Systems.

Update July 12

Additional information has been provided detailing the scope of patches scheduled for release on July 12.  The one critical patch involves a vulnerability in the bluetooth protocol (only applicable for Windows Vista and Windows 7).  According to Microsoft, consistent exploit code for that vulnerability is unlikely.  All other vulnerabilities are identified as being IMPORTANT according to Microsoft.

Further, SANs ( http://isc.sans.edu/diary/Microsoft+July+2011+Black+Tuesday+Overview/11191 ) rates the vulnerabilities as being less urgent for all server implementations.

Updates that will be included in MS11-054 ( http://www.microsoft.com/technet/security/Bulletin/MS11-054.mspx ) , could allow an escalation of privileges if not patched.

Updates that will be included in MS11-056  ( http://www.microsoft.com/technet/security/Bulletin/MS11-056.mspx ), could allow a successful denial of service if not patched.

Additional details on these vulnerabilities and patches can be found at – http://blogs.technet.com/b/srd/