Microsoft's July 2013 Patch Tuesday release meant updating a wide variety of products, with the Redmond giant rating six of the seven patches "critical." Three of the patches fix instances in various products of a remote execution vulnerability linked to how Windows parses TrueType
Across all seven bulletins, an unusually wide variety of Microsoft's products are affected, including all Internet Explorer versions, all versions of the Windows OS, and multiple versions of Microsoft Office. Paul Ducklin, writing on the NakedSecurity blog, said the range of affected systems means that before applying the patches "it would be wise to make sure that you have all your operational ducks in a row."
In a blog entry, Qualys' Chief Technology Officer Wolfgang Kandek recommended organizations "start the patching process with MS13-053, a bulletin for Windows that applies to all versions of the OS." This is important, Kandek said, at least in part because of the font issue, of which he said, "The most likely attack vector is through end users browsing a malicious webpage or opening an infected document, which results in remote code execution that gives control of the affected machine to the attacker."
Adobe also released Tuesday patches: three bulletins for its Flash Player, Shockwave and ColdFusion products.
And, if it feels like July only just arrived and the patch is landing early, that's because it is. The NakedSecurity blog noted that "it's almost as early as it can be, since July started on a Monday."