MS Patch Tuesday head-up: 22 vulnerabilities in Windows, Office

TOPICS: Microsoft, Security

Microsoft today announced plans to patch 22 serious security vulnerabilities in its Windows operating system and Office productivity suite.

As part of the July Patch Tuesday releases, Microsoft will ship four bulletins.  One of the bulletins will carry a "critical" rating because of a high risk of remote code execution attacks.

Follow Ryan Naraine on Twitter.

Three of the four bulletins will address security holes in Windows, the company's flagship operating system. Affected Windows versions include Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2.

The Microsoft Office update will ship patches for security problems in Microsoft Visio 2003 Service Pack 3.

The bulletins are slated for release on July 12th at 10:00 a.m. PDT.


Talkback

84 comments
  • MS Patch Tuesday - July, 2011

    Thanks for the heads-up! :0)
    Compumind
    • RE: MS Patch Tuesday head-up: 22 vulnerabilities in Windows, Office

      @Smart_Neuron ......................Yes.
      j7general
  • RE: MS Patch Tuesday head-up: 22 vulnerabilities in Windows, Office

    iOS:2, Windows:22

    Guess it'll be 'Roids next week!
    Gr8Music
    • RE: MS Patch Tuesday head-up: 22 vulnerabilities in Windows, Office

      @Gr8Music
      So where is the Microsoft-style security advisory board for iOS where Apple announces vulnerabilities and tells you when it's going to be patched *BEFORE* being wildly exploited?
      Samic
      • RE: MS Patch Tuesday head-up: 22 vulnerabilities in Windows, Office

        @Samic
        As much as I like my MS OS, Apple will have some tough going in Sept.----
        j7general
      • RE: MS Patch Tuesday head-up: 22 vulnerabilities in Windows, Office

        duplicate.
        ScorpioBlue
    • RE: MS Patch Tuesday head-up: 22 vulnerabilities in Windows, Office

      @Gr8Music "Guess it'll be 'Roids next week!"
      ......Roids?????----I guess it's better than your sister. Then again..............
      j7general
    • No, it is more like

      @Gr8Music

      Apple OS X:
      1555 Vulnerabilities

      Microsoft Windows XP Professional:
      472 Vulnerabilities

      Awww. More than 3x more vulns in OS X.

      Compare apples to apples. A desktop OS is much more complex than a gadget OS. You could compare Windows Phone 7 to iOS, though:

      Apple iOS 4.x for iPhone 3GS and later:
      134 Vulnerabilities

      Microsoft Phone 7:
      0 Vulnerabilities

      Ewww.
      honeymonster
      • No, it's more like

        More unsubstituted FUD from one of the Redmond professional shills that inhabit these boards.
        ScorpioBlue
      • RE: MS Patch Tuesday head-up: 22 vulnerabilities in Windows, Office

        @ScorpioBlue "More unsubstituted FUD from one of the Redmond professional shills that inhabit these boards."

        Feel free to provide information to the contrary. I do like to read.
        Badgered
      • RE: MS Patch Tuesday head-up: 22 vulnerabilities in Windows, Office

        He's the one throwing out ridiculous figures. Let's see where they come from and what they consist of.
        ScorpioBlue
      • Truth hurts

        @ScorpioBlue

        But there's still no reason for name calling.

        My sources are freely available on secunia:

        http://secunia.com/advisories/product/96/
        http://secunia.com/advisories/product/22/

        http://secunia.com/advisories/product/33401/
        http://secunia.com/advisories/product/31370/

        No need to get all worked up about it.
        honeymonster
      • RE: MS Patch Tuesday head-up: 22 vulnerabilities in Windows, Office

        @honeymonster

        Hmmm... Let's see...

        http://secunia.com/advisories/product/96/?task=advisories_2011

        "5 Secunia Advisories in 2011
        Secunia has issued a total of 5 Secunia advisories in 2011 for Apple Macintosh OS X. Currently, 0% (0 out of 5) are marked as unpatched."

        Gee, only 5 for the year? And 12 the year before that? Going back to 2003, by using honeymonster's math 139 = 1555. Unless a "vulnerability" doesn't rate a security advisory. In which case, I can conclude (from that) that there's nothing to worry about.

        Not to mention what exploits have taken advantage of these 1555 vulnerabilities.

        FUD alert #2
        ScorpioBlue
      • The topic of this blog post is 1 (one) advisory and 22 vulnerabilities

        @ScorpioBlue

        Ok let's play. Just for 2011 then.

        Apple OS X (http://secunia.com/advisories/product/96/?task=advisories_2011):
        120 vulnerabilities

        Microsoft Windows 7 (http://secunia.com/advisories/product/27467/?task=advisories_2011)
        58 vulnerabilities

        Hint: *Advisories* are not the same as vulnerabilities. If the vendor discloses a number of vulnerabilities at the same time (e.g. when they are patched) it is *one* advisory but several vulnerabilities.

        What counts are the vulnerabilities, not in how many chunks the vendor chooses to disclose them.

        Apple OS X is still the most crappy OS in terms of vulnerabilities and security. Has been like that for years now.
        honeymonster
      • RE: MS Patch Tuesday head-up: 22 vulnerabilities in Windows, Office

        And yet as of today for 2011, we only have three pieces of socially engineered malware that takes advantage of all these so-called vulnerabilities. You do understand a vulnerability is not an exploit. Right?

        Not to mention your link takes you to the advisories page which I just linked to earlier and it's still at 5 advisories (all of which have been patched, btw). Another inflating of the word "vulnerability", no doubt.

        Fear, Uncertainty, Doubt. That's the rule these shills live by. Vulnerabilities are potentialities, exploits are known realities. Know the difference.

        I'm glad to see you can create numbers out of thin air.

        FUD alert #3
        ScorpioBlue
      • Sigh

        @ScorpioBlue

        "Not to mention your link takes you to the advisories page which I just linked to earlier and it's still at 5 advisories (all of which have been patched, btw). Another inflating of the word 'vulnerability', no doubt."

        Sigh. I tried to explain it to you. Advisories are how Secunia publishes vulnerabilities. To see (and count) the actual vulnerabilities you will have to view each advisory. Do you think you can manage to click on the links?

        Inside the advisories you will find the vulnerabilities described. They are also assigned a CVE number (CVE = common vulnerability enumeration).

        Example (whopper Apple patch): http://secunia.com/advisories/45054/

        Vulnerability is a *very* precise term. It is common across vendors and not impacted by how the vendor chooses to disclose them.

        If you want to be taken seriously in this discussion you really should try to understand the topic.

        "Fear, Uncertainty, Doubt. That's the rule these shills live by."

        Still with the name calling?

        "I'm glad to see you can create numbers out of thin air."

        I linked to my sources. I cannot make you actually read them. Live in ignorance (or inside the RDF) if you want it so badly.
        honeymonster
      • RE: MS Patch Tuesday head-up: 22 vulnerabilities in Windows, Office

        @honeymonster

        The problem w/ vuln counts - it only is valid if you don't patch. As long as you install the patches your only concern would be this (from your links):

        Vulnerability Report: Microsoft Windows 7
        ...
        Unpatched 7% (5 of 72 Secunia advisories)

        Most Critical Unpatched
        The most severe unpatched Secunia advisory affecting Microsoft Windows 7, with all vendor patches applied, is rated Highly critical
        (cool defcon-2 icon)

        -----

        Vulnerability Report: Apple Macintosh OS X
        ...
        Unpatched 0% (0 of 5 Secunia advisories)

        Most Critical Unpatched
        There are no unpatched Secunia advisories affecting this product, when all vendor patches are applied.
        (no defcon icon!) We are at defcon-5 baby!!


        Lol
        ~doolittle~
      • @~doolittle~ good point

        That's another way of looking at it.

        Frankly, I don't think all these vulnerabilities mean a hill of beans unless there is something out there to exploit it with. Linux is full of vulnerabilities, yet in the 4 years I've been using it, not once have I been infected with anything on it. That's the bottom line. Not the endless possibilities that come up in testing labs and never make it out the door.

        See, this is just another attempt by the Redmond crowd to belittle Apple and Linux security by bringing it down to Microsoft's level of constant infections and sloppy code. It's their new sales pitch. 'You aren't any safer with Linux or Apple so you might as well come back to Microsoft.'

        Isn't that right, honeymonster? C'mon. Fess-up.
        ScorpioBlue
      • RE: MS Patch Tuesday head-up: 22 vulnerabilities in Windows, Office

        @~doolittle~

        Actually, if you dig a little deeper into the numbers you'll see that there are 0 unpatched from 2011 for Windows 7: http://secunia.com/advisories/graph/?type=sol&period=2011&prod=27467

        But there are 11% Unpatched from 2010: http://secunia.com/advisories/graph/?type=sol&period=2010&prod=27467

        A look at OS X's numbers. Again, 0% unpatched from 2011: http://secunia.com/advisories/graph/?type=sol&period=2011&prod=96

        But 17% unpatched from 2010: http://secunia.com/advisories/graph/?type=sol&period=2010&prod=96

        You can see in the Microsoft Report that it lists unpatched advisories at the top as 5 of 72 Unpatched. However for some reason they don't list OS X's as 0 of 154 unpatched. I'm not sure if that was intended to imply that OS X has no advisories unpatched or if it was just left off for some reason.
        Badgered
      • RE: MS Patch Tuesday head-up: 22 vulnerabilities in Windows, Office

        @ScorpioBlue

        Enough with the insults.

        Number of vulnerabilities is a good measure of code quality.

        In that respect, Apple is the worst of the bunch. The BSDs rule, Windows is the best of the mainstream OSes and Linux sits somewhere between Windows and Apple.

        Number of "unpatched" vulnerabilities can be a measure of how responsive the vendor is to vulnerabilities actually found. However, unlike the total number of vulnerabilities which is an aggregated number, unpatched vulns are a snapshot of a certain point in time.

        In case of Apple it is not even reflective of the real state. The big problem with the way Apple assembles OS X (and maybe also iOS) is that they use a lot of 3rd party components, like libxml.

        Apple does not control vulnerability disclosure of those 3rd party libraries/components. 3rd parties will usually patch as fast as possible, resulting in a public disclosure of vulnerabilities. From then on, anyone using those components is in the high-risk period until they patch the component within their stack. This happens frequently for Apple. They left a Java vulnerability which allowed total system compromise sit for 8 months *after* Sun had patched it.

        The key point here: That vuln was never reported as "unpatched" in the Apple OS. It was first reported (and counted) when Apple actually patched it. So Apple's "unpatched" numbers are quite a bit higher than reported. This is an artifact of how the Apple OS X is assembled - not because of some dubious scheme to hide vulns (although I suspect Apple doesn't mind).

        At this very point you will be able to find reported and patched vulnerabilities in components such as libxml (I've done that before) and find those vulnerabilities in the OS X stack simply by looking up the version number. And yet they are not reported "unpatched".
        honeymonster