Microsoft to fix Internet Explorer 9 in July 2012 Patch Tuesday

Microsoft will issue nine bulletins, three rated “critical” as part of its July Patch Tuesday, addressing critical flaws in Windows and Internet Explorer 9.

Microsoft will issue nine bulletins, three rated “critical,” addressing 16 flaws across its product line as part of its July 2012 Patch Tuesday.  As part of the update, Microsoft could roll out a patch addressing the XML Core Services zero-day flaw, which surfaced last month.  

In its advance notification issued today, the software giant said the “critical” bulletins affect Windows and Internet Explorer 9. In addition, it plans updates to repair coding errors in Office, SharePoint server and Visual Basic for Applications.

Active attacks targeting XML Core Services
The advance notification does not indicate whether XML Core Services would be affected by the July updates. Microsoft issued an advisory last month warning users of attacks targeting an XML Core Services zero-day flaw

Microsoft XML Core Services processes and converts XML to HTML for display.  Attacks can target the coding error through drive-by attacks or trick users through a phishing campaign. Once an attacker is successful they are granted the same user rights as the victim and can access systems while fully authenticated, Microsoft said.

The vulnerability affects all supported releases of Microsoft Windows, and all supported editions of Microsoft Office 2003 and Microsoft Office 2007. The advisory includes a workaround that can be used until the investigation is complete and a permanent patch is released.

Since the advisory, security experts say attacks targeting the flaw have increased. Graham Cluley outlined an attack using the flaw targeting the website of a European aeronautical parts supplier.

The bulletins are scheduled to be released July 10.

Dig deeper on Windows Security: Alerts, Updates and Best Practices

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close