July’s Patch Tuesday: Four Bulletins Will Fix 22 Vulnerabilities

Microsoft is issuing four bulletins for Patch Tuesday this month, which will fix 22 vulnerabilities.

Compared with the 16 security bulletins in June's Patch Tuesday, Microsoft has issued almost one-fourth as many this month. But these four bulletins will patch a large number of vulnerabilities, 22 to be exact. Of the four updates, one is rated “critical,” while the other three are marked “important.”

Three bulletins will update and fix Windows, while the fourth will fix a number of vulnerabilities in Visio 2003. The critical Windows bulletin and the important Office update both fix remote code execution issues; the other two important Windows fixes resolve elevation of privilege flaws. All three Windows updates need a reboot to apply, while the Office update may need one.

The following table summarizes the security bulletins for this month in order of severity.

| Bulletin ID | Maximum Severity Rating and Vulnerability Impact | Restart Requirement | Affected Software |
|---|---|---|---|
| Bulletin 1 | Critical, Remote Code Execution | Requires restart | Microsoft Windows |
| Bulletin 2 | Important, Elevation of Privilege | Requires restart | Microsoft Windows |
| Bulletin 3 | Important, Elevation of Privilege | Requires restart | Microsoft Windows |
| Bulletin 4 | Important, Remote Code Execution | May require restart | Microsoft Office |

Microsoft will host a webcast to address customer questions on the security bulletins on July 13, 2011, at 11:00 AM Pacific Time (US & Canada).

Microsoft’s Severity Rating System Explained

The severity rating system provides a single rating for each vulnerability. The definitions of the ratings are:

Critical: A vulnerability whose exploitation could allow the propagation of an Internet worm without user action.

Important: A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users' data, or of the integrity or availability of processing resources.

Moderate: Exploitability is mitigated to a significant degree by factors such as default configuration, auditing, or difficulty of exploitation.

Low: A vulnerability whose exploitation is extremely difficult, or whose impact is minimal.
