Microsoft to issue four bulletins on its next Patch Tuesday to cover the vulnerability in its Windows Help and Support Center

News by Dan Raywood

Microsoft is to release four bulletins on its next Patch Tuesday covering five vulnerabilities.

The patches, scheduled for release on Tuesday 13th July, are for two bulletins in Office, covering critical vulnerabilities, while two other bulletins cover one critical and one important vulnerability in Windows.

Jerry Bryant, senior security communications manager at Microsoft, said: “As always, we recommend that customers review the ANS summary page for more information and prepare for the testing and deployment of these bulletins as soon as possible.”

He also confirmed that Microsoft will ‘close out’ two security advisories this month: security advisory 2028859, which covers a vulnerability in the canonical display driver that could allow remote code execution, and security advisory 2219475, which covers a vulnerability in the Windows Help and Support Center that could allow remote code execution, with a comprehensive update that addresses the issue currently under attack.

The latter had reportedly received 10,000 exploits as of last week, after it was disclosed in mid-June.

Bryant also confirmed that July marks the end of Microsoft support for the Windows 2000 and Windows XP SP2 platforms. He recommended that customers actively seek out either a supported operating system or the latest service pack in order to keep receiving necessary security updates.

Wolfgang Kandek, CTO at Qualys, commented that the update is small but welcomed the zero-day vulnerability patches. He also praised Microsoft for its turnaround time on the patch for the Windows Help and Support Center vulnerability.

Alan Bentley, SVP international for Lumension, said: “Bulletins one and two both affect Microsoft Windows and are critical, as the vulnerabilities addressed could allow for remote code execution, typically the most-feared exploit type. Bulletin two will have a huge impact, as it affects Windows 7 desktop users and Windows 2008 R2 servers, which are Microsoft's most current and widely deployed desktop and server solutions. IT departments with Windows 7 and/or Windows 2008 R2 should be prepared to prioritise this bulletin.

“Bulletin three and four affect Microsoft Office. While bulletin three is rated critical, fortunately its impact will be limited just to businesses that have built applications and processes using Microsoft Access, as this is the affected software. Bulletin four is only rated important, but we do want to strongly encourage users to pay attention to this since it addresses a vulnerability in Microsoft Outlook. Vulnerabilities in email clients are always a concern.”

