Another Significant Patch Tuesday from Microsoft This Week

Paul Mah
Slide Show

8 Elements of Complete Vulnerability Management

Eight essential elements to help reduce your vulnerability to hackers.

Businesses should brace themselves for a significant Patch Tuesday tomorrow, based on information given by Microsoft in its advanced notification bulletins released last week. A total of 16 security bulletins are expected to be released tomorrow, of which nine are rated "critical" and the remaining seven tagged as "important."


It is understood that all the critical vulnerabilities address potential remote code execution (RCE), a term used to signify the ability for attackers to execute arbitrary code on the target machine. Consisting of either shell code or machine code, a properly crafted remote code execution exploit can allow a hacker to gain control of a software process and, with privilege escalation, even take over the entire server or workstation without further action or opportunity to deflect the attack. Obviously, system administrators will want to move fast to fix any known RCE flaws.


What is probably even more concerning, though, has to do with the fact that the majority of the bugs span across multiple versions of the Windows operating system. This ranges from Windows XP Service Pack 3 to the latest Windows 7 in both 32-bit and 64-bit flavors. Other affected products include various versions of Excel from Microsoft Office XP, 2003, 2007, 2010 and even Microsoft Office for Mac. Version 6, 7, 8 and 9 of Internet Explorer will see multiple patches for critical vulnerabilities, according to InformationWeek, while the .NET framework and the company's popular Visual Studio product are also affected by important vulnerabilities. In a nutshell, no Windows shop can afford to ignore or put off June's Patch Tuesday.


The finding of new flaws that span multiple product generations suggests that Microsoft has adopted new testing and validation measures that are turning up what are essentially old and persistent problems. With more details and the actual fixes to be released tomorrow, however, you can be sure that hackers will be working double time to reverse-engineer the updates to identify the individual bugs, which, once isolated, will allow them to create the appropriate exploits to attack unpatched machines.


It is highly recommended that administrators test the updates on the machines in their SMBs and apply them as soon as possible. Given the wide remit of this update, the IT department will obviously be in for a busy week, a sentiment that Paul Henry, forensic and security analyst at Lumension, concurs with:

This will be a long hot summer for IT professionals and there is just no room to slow down.

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.