Microsoft just announced the bugs it plans to patch on Tuesday. In all, Redmond will fix nine issues. Three of those vulnerabilities are rated "critical," which means they could allow hackers to launch remote code executions. The others vulnerabilities are rated "important."
The July release includes nine bulletins addressing 16 vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, and Visual Basic for Applications," said Angela Gunn of Microsoft's Trustworthy Computing Group. "As always, we recommend that customers review the ANS summary page for more information and prepare for the testing and deployment of these bulletins as soon as possible."
Across the Microsoft Board
Paul Henry, a security and forensic analyst at Lumension, said it looked like IT administrators would have to deal with more fireworks this month.
That, he said, is because nine patches is more than double last year's July patches: 4 total, with only 1 critical. According to his research, this puts Microsoft at 51 bulletins for 2012, about on par with 2011, which saw 56 bulletins at this time last year.
"Looking at the bulletins, one of the first things that jumps out is that these really impact the entire family of products, from XP all the way to 2008," Henry told us. "This is really a weird mix of patches, impacting both legacy and current generation software with critical issues."
Henry noted that it remains unclear if Microsoft will issue a patch this month for the XML Core Services issue that is currently being actively exploited in IE attacks. Microsoft normally includes details in its pre-release information if a zero-day patch is included, he explained.
However, in the July pre-release, Microsoft didn't call this out. Microsoft issued a FixIt tool to address the XML Core Services zero-day vulnerability and that may remain the only solution for IT admins in July.
New OSes on Horizon
Beyond July's Patch Tuesday, Henry is looking forward to the next set of potential targets: new operating systems from both Apple and Microsoft. Apple will soon release Mountain Lion and Microsoft is readying Windows 8. Although the full impact on IT remains to be seen, Henry said you can get a jump start by reading about some of the security features for both.
"Mountain Lion is a definite step forward for Apple security, with several new features to make it easier for IT to secure these machines. White-listing, sandboxed applications and daily updates go a long way in securing these products," Henry said.
"Windows 8 will also feature white listing and sandboxed apps, as well as a continuously running security system that starts protecting machines before the operating system is even fully booted."