Microsoft is to release four bulletins on its next Patch Tuesday covering five vulnerabilities.
The patches, scheduled for release on Tuesday 13th July, are for two bulletins in Office, covering critical vulnerabilities, while two other bulletins cover one critical and one important vulnerability in Windows.
Jerry Bryant, senior security communications manager at Microsoft, said: “As always, we recommend that customers review the ANS summary page for more information and prepare for the testing and deployment of these bulletins as soon as possible.”
He also confirmed that Microsoft will ‘close out’ two security advisories this month: security advisory 2028859, which covers a vulnerability in the canonical display driver that could allow remote code execution, and security advisory 2219475, which covers a vulnerability in the Windows Help and Support Center that could allow remote code execution, with a comprehensive update that addresses the issue currently under attack.
Bryant also confirmed that July marks the end of Microsoft support for the Windows 2000 and Windows XP SP2 platforms. He recommended that customers actively seek out either a supported operating system or the latest service pack in order to keep receiving necessary security updates.
Wolfgang Kandek, CTO at Qualys, commented that the update is small but welcomed the zero-day vulnerability patches. He also praised Microsoft for its turnaround time on the patch for the Windows Help and Support Center vulnerability.
Alan Bentley, SVP international for Lumension, said: “Bulletins one and two both affect Microsoft Windows and are critical, as the vulnerabilities addressed could allow for remote code execution, typically the most-feared exploit type. Bulletin two will have a huge impact, as it affects Windows 7 desktop users and Windows 2008 R2 servers, which are Microsoft's most current and widely deployed desktop and server solutions. IT departments with Windows 7 and/or Windows 2008 R2 should be prepared to prioritise this bulletin.
“Bulletin three and four affect Microsoft Office. While bulletin three is rated critical, fortunately its impact will be limited just to businesses that have built applications and processes using Microsoft Access, as this is the affected software. Bulletin four is only rated important, but we do want to strongly encourage users to pay attention to this since it addresses a vulnerability in Microsoft Outlook. Vulnerabilities in email clients are always a concern.”