Patch Tuesday: Microsoft plans to fix 22 vulnerabilities

Microsoft has four more bulletins, otherwise known as updates, to apply to computers this July as part of the company's unofficial tradition of releasing updates on the second Tuesday of the month. Overall there are 22 vulnerabilities, with the majority of them related to Microsoft's Windows operating system. There is also an important update bulletin available for the company's Office software suite.

The updates, which are due to come out on Tuesday 12th July 2011, will be automatically installed via Windows Update if users have the functionality turned on. Those who do not will need to make sure they manually update, given that the vulnerabilities include remote code execution and elevation of privileges. Below is an overview of all affected components in the update:

  • Microsoft Windows OS (XP, Server 2003, Vista, Server 2008 (& R2), 7)
  • Microsoft Office (2003)

Compared to last month's set of updates, July's does not contain as many bulletins. However, as we observed in June, once information has been posted about a vulnerability, hackers are quick to utilise the loopholes and damage unpatched machines. Microsoft has a page on which computer users may view more details on the updates. Three of the four updates will require a restart, and this is applicable to both 32-bit and 64-bit versions of the operating system.

24 Comments


fix vulnerabilities?! is that some kind of a joke? Windows will always be the most insecure OS and as long as Mac gains more market share it will become insecure as well, but not as much as Windows ..

allwynd said,
fix vulnerabilities?! is that some kind of a joke? Windows will always be the most insecure OS and as long as Mac gains more market share it will become insecure as well, but not as much as Windows ..
Of course! /s

Joking aside, an OS does not "become" insecure. It is inherently so. Through excessive patching and refinement, it can become secure.

The *only* reason that OSX has escaped thus far is purely its marketshare. It is as insecure as it always has been. The only thing that will change that is malware developers taking new targets. Mac is a frail, sheltered rich boy trying to join the army, whereas Windows has been at it for years. Windows is a fortress.

Reacon said,
Joking aside, an OS does not "become" insecure. It is inherently so. Through excessive patching and refinement, it can become secure.

The *only* reason that OSX has escaped thus far is purely its marketshare. It is as insecure as it always has been. The only thing that will change that is malware developers taking new targets. Mac is a frail, sheltered rich boy trying to join the army, whereas Windows has been at it for years. Windows is a fortress.

the Windows development policy does not allow it to be secure, they are a closed-source OS and they have people who are doing a certain job and when an issue like a vulnerability appears they are dispatched to work it out and this slows the overall development of the OS meaning that their support isn't as good as an open-source OS like Linux where an issue is cleared within 1-2 days compared to the weeks or months in Windows

Linux has been the major server option for more than 20 years, Google, NASA and many more use Linux because it's secure, normal users don't use Linux, because the Linux desktop is young and hasn't developed to its fullest, which is happening as we speak, and hopefully within 4-5 years Linux will gain a considerable market share and things will dramatically change.. if Windows is used in the army, I'm not sure which army you are speaking about, but this may very well be a speculation.. I've been using Windows since 2005 and I've seen how insecure and unstable it is and it's almost painful so I don't see why an army institution would ever choose Windows

as for Mac, it's okay, when you have the money for it, then and only then, you are guaranteed a safe and fast experience, it's just that their politics suck and they force you to buy a new product once yours gets old, while if you own a normal machine for Windows and Linux, you can just upgrade it and save lots of money

allwynd said,

the Windows development policy does not allow it to be secure, they are a closed-source OS and they have people who are doing a certain job and when an issue like a vulnerability appears they are dispatched to work it out and this slows the overall development of the OS meaning that their support isn't as good as an open-source OS like Linux where an issue is cleared within 1-2 days compared to the weeks or months in Windows

Linux has been the major server option for more than 20 years, Google, NASA and many more use Linux because it's secure, normal users don't use Linux, because the Linux desktop is young and hasn't developed to its fullest, which is happening as we speak, and hopefully within 4-5 years Linux will gain a considerable market share and things will dramatically change.. if Windows is used in the army, I'm not sure which army you are speaking about, but this may very well be a speculation.. I've been using Windows since 2005 and I've seen how insecure and unstable it is and it's almost painful so I don't see why an army institution would ever choose Windows

as for Mac, it's okay, when you have the money for it, then and only then, you are guaranteed a safe and fast experience, it's just that their politics suck and they force you to buy a new product once yours gets old, while if you own a normal machine for Windows and Linux, you can just upgrade it and save lots of money

all I see is blablabla...When will fanboys finally see the light and stop being so annoying

XerXis said,

all I see is blablabla...When will fanboys finally see the light and stop being so annoying

like you? fanboy ... do you have anything else in mind other than fanboy?

allwynd said,

the Windows development policy does not allow it to be secure, they are a closed-source OS and they have people who are doing a certain job and when an issue like a vulnerability appears they are dispatched to work it out and this slows the overall development of the OS meaning that their support isn't as good as an open-source OS like Linux where an issue is cleared within 1-2 days compared to the weeks or months in Windows

Linux has been the major server option for more than 20 years, Google, NASA and many more use Linux because it's secure, normal users don't use Linux, because the Linux desktop is young and hasn't developed to its fullest, which is happening as we speak, and hopefully within 4-5 years Linux will gain a considerable market share and things will dramatically change.. if Windows is used in the army, I'm not sure which army you are speaking about, but this may very well be a speculation.. I've been using Windows since 2005 and I've seen how insecure and unstable it is and it's almost painful so I don't see why an army institution would ever choose Windows

as for Mac, it's okay, when you have the money for it, then and only then, you are guaranteed a safe and fast experience, it's just that their politics suck and they force you to buy a new product once yours gets old, while if you own a normal machine for Windows and Linux, you can just upgrade it and save lots of money

And Linux is one of the easiest OSes to hack, if you are a hacker, especially when goofs like you think it is somehow superior. I don't know if you are young or just not into security, but you are really off target here.

Having access to easy to read 'source code' just makes it easier to look through some code to find a new exploit when it is needed.

As for who you list as using Linux, you are wrong, as you will find OpenBSD and even Windows in these environments more than you will find Linux in any fail-safe or mission critical software. Google doesn't reveal how many servers they have, let alone what they are using, as their search servers are not open and very much a secret for 'security' reasons.

As for the military and NASA, these are more side projects, than actual in use projects. (Our company produced software for the International Space Station, it was a Windows based application, per both NASA and Lockheed specifications.)

Guess what OS hosts the most bots in non-desktop installations?
Ironically, Linux is the correct response...

Linux routers especially are the main targets of bots and rootkit level bots, as most IT people never wipe or run a security scan to identify odd behavior of routers.

Linux servers are more hacked than Windows Servers as well, which if you pay attention to security, you would know this. The main problem with Linux server security is fragmented and custom distributions that are not properly patched, and the ease of penetrating simple tools that are common in Apache and PHP and MYSQL.

Did you see what happened to Sony the last couple of months? Do you know what the servers were running? Linux...

Even as a casual expert on security, a few web searches would have shown you things like that Linux routers are continually hit and being discovered to be botted, see key distribution hacks, major hosting providers like GoDaddy getting hacked, and even read the articles on Apache, Fedora, Ubuntu, and RedHat getting their in-house Linux servers hacked - which doesn't even include the mass amount of hacks and exploits used on each distribution of Linux.

Oh, and in case you missed any of the LulzSec news, they used a PHP based RFI exploit specifically on UNIX servers, from Linux to Solaris to OpenBSD (UNIX is truly not a good model for security).

They hacked and used about 8000 servers to do their bidding in their attacks, and targeted mainly UNIX based servers. And if you do the math of percentage of Linux servers vs other UNIX servers out there, the majority of these hacks were done using LINUX and done to LINUX servers.

I know Linux security sounds good, but it just isn't reality.

All OSes are vulnerable, and right now with Windows 2008 Server (& R2), Windows Servers are the least hacked and most secure. A lot of this has to do with Microsoft getting hammered for years, sure... But it also has to do with the integration of IIS and the new .NET protection wrapper for PHP, etc. (When Microsoft looked at IIS hacks over the years, CGI/PHP exploits were the main entry point, as they ran outside the protection umbrella that .NET and the ASP.NET side of IIS enjoyed. This is why the new interoperability framework was added to IIS, to bring PHP and other technologies under this protection layer.)

Take Care...

Edited by thenetavenger, Jul 11 2011, 5:43pm :

allwynd said,
fix vulnerabilities?! is that some kind of a joke? Windows will always be the most insecure OS and as long as Mac gains more market share it will become insecure as well, but not as much as Windows ..

Thank you for making me laugh.

KavazovAngel said,

Thank you for making me laugh.

thenetavenger said,

And Linux is one of the easiest OSes to hack, if you are a hacker, especially when goofs like you think it is somehow superior. I don't know if you are young or just not into security, but you are really off target here.

Having access to easy to read 'source code' just makes it easier to look through some code to find a new exploit when it is needed.

As for who you list as using Linux, you are wrong, as you will find OpenBSD and even Windows in these environments more than you will find Linux in any fail-safe or mission critical software. Google doesn't reveal how many servers they have, let alone what they are using, as their search servers are not open and very much a secret for 'security' reasons.

As for the military and NASA, these are more side projects, than actual in use projects. (Our company produced software for the International Space Station, it was a Windows based application, per both NASA and Lockheed specifications.)

Guess what OS hosts the most bots in non-desktop installations?
Ironically, Linux is the correct response...

Linux routers especially are the main targets of bots and rootkit level bots, as most IT people never wipe or run a security scan to identify odd behavior of routers.

Linux servers are more hacked than Windows Servers as well, which if you pay attention to security, you would know this. The main problem with Linux server security is fragmented and custom distributions that are not properly patched, and the ease of penetrating simple tools that are common in Apache and PHP and MYSQL.

Did you see what happened to Sony the last couple of months? Do you know what the servers were running? Linux...

Even as a casual expert on security, a few web searches would have shown you things like that Linux routers are continually hit and being discovered to be botted, see key distribution hacks, major hosting providers like GoDaddy getting hacked, and even read the articles on Apache, Fedora, Ubuntu, and RedHat getting their in-house Linux servers hacked - which doesn't even include the mass amount of hacks and exploits used on each distribution of Linux.

Oh, and in case you missed any of the LulzSec news, they used a PHP based RFI exploit specifically on UNIX servers, from Linux to Solaris to OpenBSD (UNIX is truly not a good model for security).

They hacked and used about 8000 servers to do their bidding in their attacks, and targeted mainly UNIX based servers. And if you do the math of percentage of Linux servers vs other UNIX servers out there, the majority of these hacks were done using LINUX and done to LINUX servers.

I know Linux security sounds good, but it just isn't reality.

All OSes are vulnerable, and right now with Windows 2008 Server (& R2), Windows Servers are the least hacked and most secure. A lot of this has to do with Microsoft getting hammered for years, sure... But it also has to do with the integration of IIS and the new .NET protection wrapper for PHP, etc. (When Microsoft looked at IIS hacks over the years, CGI/PHP exploits were the main entry point, as they ran outside the protection umbrella that .NET and the ASP.NET side of IIS enjoyed. This is why the new interoperability framework was added to IIS, to bring PHP and other technologies under this protection layer.)

Take Care...


I'm being realistic, you are being fanboys

allwynd said,


I'm being realistic, you are being fanboys

Realistic to your own version of reality? And I'm a fanboi of what, security?

If people continue to treat Linux or any OS like they are bulletproof, they will continue to be the bane of the technology industry.

It is unfortunate that you didn't read what was presented to you with a 'curious mind', as this reluctance to face anything that violates a belief system is what creates the messes people find themselves in, especially when working with anything security related. When faced with a truth or reality they don't like, instead of challenging it, they stick their head in the sand so they can feel good about being right, which makes the distorted reality they live in feel 'ok' for a moment.


Too lazy to look it up right now, but don't these updates come straight from Microsoft in Redmond, WA?

Aren't they on daylight savings time out there? Seems like it was always noon EST I used to get the updates, but lately it's been after 1:00EST.

Tack on another 4 updates to the already 100 beyond XP Sp3.... really MS time to compile a SP4 for ole tried and true - XP

sava700 said,
Tack on another 4 updates to the already 100 beyond XP Sp3.... really MS time to compile a SP4 for ole tried and true - XP

Agreed! And at the minimum a roll-up pack would be nice.

kryten said,
Where did you get 22? Genuinely interested.

Read any of the typical sites that cover monthly updates. Or go bing the terms "22 vulnerabilities july 2011" without the quotes.

scorp508 said,

Read any of the typical sites that cover monthly updates. Or go bing the terms "22 vulnerabilities july 2011" without the quotes.

+1.

Huh? They are releasing 4 updates (3 Windows, 1 Office) and they fix far more than "4 vulnerabilities." Other sources say it is as high as 22 vulnerabilities being patched in these 4 updates. This post was made at 8:01PM Eastern US in case the story itself gets fixed.