Microsoft Issues 14 Security Bulletins in July’s Patch Tuesday

In July's Patch Tuesday update, Microsoft issued 14 security fixes for its software, compared to eight bulletins released in June. Those patches are on top of the Adobe patches to fix zero-day vulnerabilities in Flash.

The patches fix dozens of vulnerabilities in Microsoft Windows, Microsoft Office, Microsoft SQL Server, and Internet Explorer. Hackers are actively exploiting vulnerabilities addressed in three bulletins: MS15-065, MS15-070, and MS15-077, according to Microsoft's Dustin Childs.

MS15-065 deals with 28 flaws in versions of IE 6 and later, including a number of fixes for critical vulnerabilities. MS15-065 affects the VBScript engine in Windows Server 2003, Windows Server 2008, and Windows Vista, which could allow hackers to take over a machine. And MS15-067, which targets Remote Desktop Protocol (RDP), fixes issues in Windows 7 and Windows 8.

Hacking Team Response

Craig Young, a security researcher at advanced threat detection firm Tripwire, told us the "prize pig" in July's Patch Tuesday is, hands down, the remote desktop bug described in MS15-067. CVE-2015-2373 is the first code execution bug in RDP he can remember since 2012.

"This is very high impact because many businesses rely on remote desktop protocol and many advanced home users configure remote access for RDP into their home," Young said. "This should definitely be on the top of everyone's install list. Although Microsoft describes that code execution is tricky, there are a lot of smart people out there and I'm sure it won't be long before proof-of-concept code starts floating around."

Meanwhile, with MS15-077, Young said Microsoft has answered the tough question of what happens when a zero-day is publicly disclosed just days before a scheduled patch release. The answer in this case is that Microsoft addressed the elevation of privilege bug used by the Hacking Team -- the Italian company that supplies hacker tools to the world -- to covertly give its...
