The Hacker News: Microsoft has announced that it will release 13 bulletins to address 22 vulnerabilities in Windows, Office, Internet Explorer, .NET and Visual Studio on its next Patch Tuesday. Another “critical” bulletin affects Windows server operating systems, and addresses a code-execution risk on unpatched systems. Also of note is an update restricted to newer versions of Windows (Windows 7 and Windows 2008) that tackles a potential, though difficult to exploit, code-execution risk.
Scheduled for release next Tuesday 9th August. Wolfgang Kandek, CTO of Qualys, commented that the update will have patches for end-users, server administrators, office users and software developers.
He said:
“Top priority should be given to a critical bulletin that affects Internet Explorer 6 through 9 on Windows 7, XP, Vista, 2003 and 2008. If left unpatched, attackers could use this vulnerability to remotely take control of victims’ systems.The second critical bulletin affects Windows server operating systems, and server administrators should apply patches immediately as this vulnerability also leads to remote code execution. The third remote code execution bulletin only affects the newest Windows 7 and Windows 2008 operating systems and could be a little difficult to exploit as compared to the other two.”
Microsoft’s pre-alert advisory can be found here.