IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Microsoft's July Patch Tuesday to feature 2 critical fixes

Microsoft has notified users of upcoming security fixes, including two critical-rated vulnerabilities

Patch Tuesday

Microsoft will be rolling out two critical fixes during its monthly Patch Tuesday round of security updates.

There are six notifications in all, with two ranked critical, three important and one listed as only moderate.

The average since 2013 has been around nine per month, so the six announced for next week represent a lower bulletin count than usual.

Of the two labelled critical, one is related to Internet Explorer, and is more than likely to be a patch that collects a number of updates needed to the browser. This marks the sixth Patch Tuesday in a row that's featured updates for the browser.

Wolfgang Kandek, CTO of Qualys, highlighted the importance of the IE update in a blog post. "This patch should be top of your list, since most attacks involve your web browser in some way.

"Take a look at the most recent numbers in Microsoft SIR report v16, which illustrate clearly that web- based attacks, which include Java and Adobe Flash are the most common," he added.

The second critical bulletin resolves remote code execution issues with all versions of Windows currently available, including Windows RT and RT 8.1.

Arriving third, fourth and fifth, the "important" bulletins address issues around privilege elevation. All the vulnerabilities addressed by these bulletins are local, meaning they cannot be executed through  a network connection.

That doesn't mitigate the danger, claims Kandek, as an attacker who gains access to a computer through stolen credentials can still control the user's computer with them.

Bulletin six, ranked the lowest in importance with a "moderate" rating, fixes denial-of-service vulnerabilities in Microsoft's server software.

"All of the vulnerabilities in this month's release were discovered by Microsoft or privately disclosed by security researchers," said Karl Sigler, threat intelligence manager at Trustwave. "The good news is that none of these vulnerabilities have been exploited in the wild yet."

Full details of each bulletin will be released when the patches go live next Tuesday

Featured Resources

Big data for finance

How to leverage big data analytics and AI in the finance sector

Free Download

Ten critical factors for cloud analytics success

Cloud-native, intelligent, and automated data management strategies to accelerate time to value and ROI

Free Download

Remove barriers and reconnect with your customers

The $260 billion dollar friction problem businesses don't know they have

Free Download

The future of work is already here. Now’s the time to secure it.

Robust security to protect and enable your business

Free Download

Recommended

Windows 11 Update 2022: The "first major" Windows 11 update brings slew of new business features
Microsoft Windows

Windows 11 Update 2022: The "first major" Windows 11 update brings slew of new business features

21 Sep 2022
Three critical vulnerabilities and one zero-day feature in Microsoft's September Patch Tuesday
Security

Three critical vulnerabilities and one zero-day feature in Microsoft's September Patch Tuesday

14 Sep 2022
Microsoft Surface Laptop Go 2 review: Basic but brilliant
Laptops

Microsoft Surface Laptop Go 2 review: Basic but brilliant

13 Sep 2022
How to downgrade from Windows 11 to Windows 10
Microsoft Windows

How to downgrade from Windows 11 to Windows 10

5 Sep 2022

Most Popular

How to secure your hybrid workforce
Advertisement Feature

How to secure your hybrid workforce

23 Sep 2022
What your hybrid workforce needs from their laptops
Advertisement Feature

What your hybrid workforce needs from their laptops

21 Sep 2022
Why collaboration is key to digital transformation
Sponsored

Why collaboration is key to digital transformation

13 Sep 2022