July's Patch Tuesday to fix six critical Windows, Office, IE security vulnerabilities

Prepare for a bumpy ride for July's roundup of Patch Tuesday updates, Microsoft warns, with critical flaws for almost every version of Windows running every bit of hardware.


Microsoft's monthly release of security updates on deck for Tuesday, commonly known simply as Patch Tuesday, will include six "critical" updates that will require every version of Windows being patched by administrators.

Microsoft's advanced security bulletin also noted vulnerabilities in Visual Studio, Microsoft Office, Microsoft Lync, .NET Framework, and Silverlight. Internet Explorer 6 and above also requires patching on machines running Windows XP through to Windows RT.

Read this

Microsoft misses Google-found flaw in Patch Tuesday updates

Despite rolling out five security updates, Microsoft missed out a patch for a zero-day flaw in Windows. And it just so happened it was discovered by its main rival in the business space.

Read More

The unusually high number of "critical" monthly updates in July will see Microsoft's figure rise to 22, a faster rate than 2012, which ended the calendar year with 34 critical flaws in total.

Bulletin 1 through to 6 all deal with remote code execution, which can give hackers and malware writers access to machines to install malware without user prompts or permission. 

A zero-day flaw, spotted by Google researcher Tavis Ormandy, which identified a problem in the kernel of Windows 2000 and above that affects the user privileges of the logged-on user, will also be fixed. He  fanned the flames by making the discovery public  and calling Microsoft "often very difficult to work with," and claiming the Redmond, Wash.-based software giant treated security researchers with "great hostility."

Though missed by Microsoft  during June's security update release , Bulletin 4 will fix the kernel flaw.

The remining one bulletin rated as "important" allows hackers to elevate their privileges by exploiting Windows Defender running on Windows 7, or its server counterpart, Windows Server 2008 R2.

Details of the flaws are withheld by Microsoft until the patches are released to prevent abuse by third parties. 

Microsoft is also expected to issue a number of non-security related fixes to its Surface Pro and Surface RT tablets,  in line with previous months .

The security fixes will be released on July 9 through the usual update channels, such as Windows and Microsoft Update.