Latest Patch Tuesday also revamps Update process following Flame revelations
Microsoft has released details of July’s Patch Tuesday, which includes a fix for a critical flaw in Internet Explorer 9 that could let hackers take control of machines and install malware.
In total, Microsoft will be issuing nine bulletins, three of which are rated as critical and related to remote code execution. The remaining fixes are rated as important. The fixes cover 16 vulnerabilities and address flaws in Windows, Office, SharePoint and Office for the Mac.
The fix for IE9 is interesting, as Microsoft generally patches its browser only every two months. Another fix for IE9 was pushed out last month, suggesting Microsoft has discovered a potentially serious issue.
Perhaps most significantly however is the updates Microsoft is rolling out to the Windows Update process itself. This follows on from the revelation that the Flame virus was able to spoof a Microsoft digital certificate, fooling PCs into believing it was legitimate software and allowing it to install via Windows Update.
"Over the last few weeks, Microsoft has also been rolling out the improved version of the Windows Update client, which has improved security measures that will be used for the first time in this month’s update," said Qualys CTO Wolfgang Kandek.
"The changes are related to the Flame malware that came up with a sophisticated certificate collision attack and was able to abuse Microsoft’s update service to infect its targets," he added.
The updates will be pushed out next week so IT admins should prepare for the updates now. The critical nature of many of the updates means businesses will be at risk if the patches are not implemented.