July’s Patch Tuesday: Four Bulletins Will Fix 22 Vulnerabilities
Microsoft is issuing 4 bulletins for Patch Tuesday this month which will fix 22 vulnerabilities.
Compared to June’s Patch Tuesday, which had 16 security bulletins, Microsoft has issued almost one-fourth as many this month. But these four bulletins will patch a huge number of vulnerabilities, 22 to be exact. Out of the four updates, one is rated “critical,” while the other three are marked “important.”
Three bulletins will update and fix Windows, while the fourth one will fix a number of vulnerabilities in Visio 2003. The critical Windows bulletin and the important Office update both fix remote code execution issues; the other two important Windows fixes resolve elevation of privilege flaws. All three Windows updates need a reboot to apply, while the Office update may need a reboot.
The following table summarizes the security bulletins for this month in order of severity.
Bulletin ID | Maximum Severity Rating and Vulnerability Impact | Restart Requirement | Affected Software |
Bulletin 1 | Critical Remote Code Execution | Requires restart | Microsoft Windows |
Bulletin 2 | Important Elevation of Privilege | Requires restart | Microsoft Windows |
Bulletin 3 | Important Elevation of Privilege | Requires restart | Microsoft Windows |
Bulletin 4 | Important Remote Code Execution | May require restart | Microsoft Office |
Microsoft will host a webcast to address customer questions on the security bulletins on July 13, 2011, at 11:00 AM Pacific Time (US & Canada).
Microsoft’s Severity Rating System Explained
The severity rating system provides a single rating for each vulnerability. The definitions of the ratings are:
Critical: A vulnerability whose exploitation could allow the propagation of an Internet worm without user action.
Important: A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users’ data, or of the integrity or availability of processing resources.
Moderate: Exploitability is mitigated to a significant degree by factors such as default configuration, auditing, or difficulty of exploitation.
Low: A vulnerability whose exploitation is extremely difficult, or whose impact is minimal.