Critical Security Updates Coming to Windows XP, 8, RT & Server

As Windows users are already acquainted with, on the second Tuesday of each month, Microsoft releases a bundle of security updates, usually aimed at its Windows versions and the software they come with. Since security is always a problem, receiving monthly security updates is a welcome move.

Microsoft has prepaired us for the Patch Tuesday release on July 9 with a Microsoft security bulletin advance notification for July 2013. Users and administrators should prepare their systems for the release, as it will be aimed at all the Windows versions, from XP up to Windows 8.1, I guess.

Microsoft’s Patch Tuesday brings much-needed security updates

Microsoft will release on July 9 a number of seven security patches that are rated as ‘critical’.  Until April 8, 2014, when Microsoft will officially kill support for Windows XP, the company is committed to bring updates as it did before. The upcoming security updates will affect Windows XP, Windows 8 (and perhaps Windows 8.1), Windows RT and some support versions of Windows Server.

The updates are said to fix “remote code execution vulnerabilities”;  there is also a patch that will fix the privilege flaw in Microsoft’s Security Software package. Let’s talk a little bit about “remote code execution vulnerabilities”. These are those “holes” in your system that are used by bad hackers or, attackers, as they are called, to unleash malware download attacks that can result in applications crashing, most of the thime. Thus, the security updates will be made to important software that deals with the online aspect of your activity –  .Net Framework and Silverlight. Every version of Microsoft Office, Internet Explorer (from IE6 to IE10), Lync Visual Studio will also be update, besides the Windows version themselves.

Paul Henry, security and forensic analyst at security tools firm Lumension.

This is one of the uglier releases we’ve seen from Microsoft this year. To say that all Microsoft products are affected and everything is affected critically is not an understatement. It’s difficult to prioritize one or two because all the bulletins are significant this Patch Tuesday.

We can’t say that this Patch Tuesday edition is more important than others, but will surely get enough eyeballs, especially because now Windows 8 is back in the highlight thanks to the Windows 8.1 update. Ross Barrett, senior manager of security engineering at Rapid7, one of the most known companies when it comes to vulnerability management and penetration testing software, has expressed his views:

It’s going to be a busy month for security teams everywhere. Three of the bulletins roughly match the profile of the issue Google’s Tavis Ormandy disclosed back in May, and given the publicity that got, I’d expect it to be patched in this round.

Ross Barret is talking about a big memory management problem discovered by Ormandy, in the win32k.sys component of Windows (codename CVE-2013-3660). The security updates on this Tuesday are said to fix this issue. According to some security experts, Windows has already released in 2013 more security updates than it has done in the entire year of 2012.