Microsoft has released its Advance Notification for the month of July 2014 Patch Tuesday releasing six security Bulletins, which will address a total of six vulnerabilities in its products, out of which two are marked critical, one is rated moderate and rest are important in severity.
All six vulnerabilities are important for you to patch, as the flaws are affecting various Microsoft software, including Microsoft Windows, Microsoft Server Software and Internet Explorer, with the critical ones targeting Internet Explorer and Windows. Microsoft is also providing an update for the "Microsoft Service Bus for Windows Server" which is rated moderate for a Denial of Service (DoS) flaw.
"At first glance it looks like Microsoft may be taking it easy on us this month, which would be nice since we will be coming off a long holiday weekend here in the U.S." Chris Goettl from IT Security firm Shavlik told in an email to The Hacker News. "Microsoft has announced six bulletins for July: two critical, three important and one moderate. The critical updates could allow for remote code execution, which would prevent attackers from accessing your data remotely. The important updates are all elevation of privilege attacks and the moderate is a denial-of-service attack update."
ONCE AGAIN, INTERNET EXPLORER
As usually, one of the two Critical security bulletins is related to Internet Explorer, which will address a Remote Code Execution vulnerability, affecting all versions of Internet Explorer including IE11 in Windows 8.1.
The second Critical security bulletin impacts almost every supported version of the Windows operating system, including Windows 8.1. Windows RT, Server 2008 and server 2012 R2 all have critical fixes that may require a restarting.
Bulletin 3, 4, and 5 are all elevation of privilege vulnerabilities in Windows and affect all versions of Windows, and therefore, are important to patch.
The final bulletin is rated 'moderate' and is a Denial of Service vulnerability, which impacts Microsoft Service Bus for Windows Server.
"This month we are primarily looking at OS updates, although there is also an Internet Explorer update. Considering last month there was a cumulative security update for IE that affects all currently supported versions of IE on all currently supported versions of Windows, this month there will likely not be a cumulative update." Chris Goettl said.
"This month we are primarily looking at OS updates, although there is also an Internet Explorer update. Considering last month there was a cumulative security update for IE that affects all currently supported versions of IE on all currently supported versions of Windows, this month there will likely not be a cumulative update." Chris Goettl said.
PATCH TUESDAY, 8TH JULY
Full details of the vulnerabilities will be released on Tuesday, July 8 at 10am PST by Microsoft, along with a guide for administrators.
'One thing to watch out for will be the many exceptions we saw last month. Many of the updates we saw in June require other updates to be in place, depending on the platform it applied to. For those running Windows 8.1 or Server 2012 R2, they need to be prepared for more of these updates to require Update 1 before they can apply them. Microsoft had stated they would delay a hard enforcement until August, but more and more of the patches had variations that required Update 1', Chris said.
'One thing to watch out for will be the many exceptions we saw last month. Many of the updates we saw in June require other updates to be in place, depending on the platform it applied to. For those running Windows 8.1 or Server 2012 R2, they need to be prepared for more of these updates to require Update 1 before they can apply them. Microsoft had stated they would delay a hard enforcement until August, but more and more of the patches had variations that required Update 1', Chris said.
Microsoft will not release any security update for its older version of Windows XP, as it stopped supporting Windows XP Operating System. So, if you are still running this older version of operating system on your PCs, we again advise you to move on to other operating system in order to receive updates and secure yourself from upcoming threats.