News Stay informed about the latest enterprise technology news and product updates.

Microsoft to fix Internet Explorer 9 in July 2012 Patch Tuesday

Microsoft will issue nine bulletins, three rated “critical” as part of its July Patch Tuesday, addressing critical flaws in Windows and Internet Explorer 9.

Microsoft will issue nine bulletins, three rated “critical,” addressing 16 flaws across its product line as part...

of its July 2012 Patch Tuesday.  As part of the update, Microsoft could roll out a patch addressing the XML Core Services zero-day flaw, which surfaced last month.  

In its advance notification issued today, the software giant said the “critical” bulletins affect Windows and Internet Explorer 9. In addition, it plans updates to repair coding errors in Office, SharePoint server and Visual Basic for Applications.

Active attacks targeting XML Core Services
The advance notification does not indicate whether XML Core Services would be affected by the July updates. Microsoft issued an advisory last month warning users of attacks targeting an XML Core Services zero-day flaw

Microsoft XML Core Services processes and converts XML to HTML for display.  Attacks can target the coding error through drive-by attacks or trick users through a phishing campaign. Once an attacker is successful they are granted the same user rights as the victim and can access systems while fully authenticated, Microsoft said.

The vulnerability affects all supported releases of Microsoft Windows, and all supported editions of Microsoft Office 2003 and Microsoft Office 2007. The advisory includes a workaround that can be used until the investigation is complete and a permanent patch is released.

Since the advisory, security experts say attacks targeting the flaw have increased. Graham Cluley outlined an attack using the flaw targeting the website of a European aeronautical parts supplier.

The bulletins are scheduled to be released July 10.

Dig Deeper on Microsoft Windows security

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.