July's Patch Tuesday to fix six critical Windows, Office, IE security vulnerabilities

Summary:Prepare for a bumpy ride for July's roundup of Patch Tuesday updates, Microsoft warns, with critical flaws for almost every version of Windows running every bit of hardware.


Microsoft's monthly release of security updates on deck for Tuesday, commonly known simply as Patch Tuesday, will include six "critical" updates that will require every version of Windows being patched by administrators.

Microsoft's advanced security bulletin also noted vulnerabilities in Visual Studio, Microsoft Office, Microsoft Lync, .NET Framework, and Silverlight. Internet Explorer 6 and above also requires patching on machines running Windows XP through to Windows RT.

The unusually high number of "critical" monthly updates in July will see Microsoft's figure rise to 22, a faster rate than 2012, which ended the calendar year with 34 critical flaws in total.

Bulletin 1 through to 6 all deal with remote code execution, which can give hackers and malware writers access to machines to install malware without user prompts or permission. 

A zero-day flaw, spotted by Google researcher Tavis Ormandy, which identified a problem in the kernel of Windows 2000 and above that affects the user privileges of the logged-on user, will also be fixed. He  fanned the flames by making the discovery public  and calling Microsoft "often very difficult to work with," and claiming the Redmond, Wash.-based software giant treated security researchers with "great hostility."

Though missed by Microsoft  during June's security update release , Bulletin 4 will fix the kernel flaw.

The remining one bulletin rated as "important" allows hackers to elevate their privileges by exploiting Windows Defender running on Windows 7, or its server counterpart, Windows Server 2008 R2.

Details of the flaws are withheld by Microsoft until the patches are released to prevent abuse by third parties. 

Microsoft is also expected to issue a number of non-security related fixes to its Surface Pro and Surface RT tablets,  in line with previous months .

The security fixes will be released on July 9 through the usual update channels, such as Windows and Microsoft Update.

Topics: Security


Zack Whittaker is a writer-editor for ZDNet, and sister sites CNET and CBS News. He is based in the New York newsroom. His PGP key is: EB6CEEA5.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.