It’s going to be a busy week for patch administrators as Microsoft released their patch Tuesday updates for July 2012. Microsoft has released 9 bulletins of which 3 are rated critical, with the remaining updates noted as important, resolving a total of 16 vulnerabilities.
• Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution – This is the most critical update on this patch Tuesday as it resolves the vulnerability in XML Core Services 3.0, 4.0, 5.0 affecting Microsoft Windows, Office and Server Software.
• Cumulative Security Update for Internet Explorer– This is a critical update for Internet Explorer which patches the exploit, from which an attacker could execute remote code if the user visits a specially crafted site. In this case, the attacker could gain control of administrative rights over the system. The patch is critical for Internet Explorer 9 on Windows and Servers.
•Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution – This is a critical update that resolves vulnerability in data access components for Windows. If unpatched, could allow attackers to remotely execute code when the user visits a specific page and giving the attacker user rights over the system. The patch is addressed to all Data Access Components in Microsoft Windows and Server.
Non-Critical Important Patches
• Vulnerability in Visual Basic for Applications could allow remote code execution
• Vulnerabilities in Windows Kernel-Mode Drivers could allow elevation of privilege
• Vulnerability in Windows Shell could allow remote code execution
• Vulnerability in TLS could allow information disclosure
• Vulnerabilities in SharePoint could allow elevation of privilege
• Vulnerability in Microsoft Office for Mac could allow elevation of privilege
More information about Patch Tuesday 2012 can be found here.
Yesterday, there were some rumblings on the Adobe forums regarding a Flash 11.3 update. As suspected, Flash released- overnight - the new Flash 11.3.300.265 – perhaps for both Active X and Plugin versions.
This update is not on Adobe’s Distribution Agreement site yet, and no security bulletin has been published, but this update is on the Get Adobe page.