Connect with us

Hi, what are you looking for?



Microsoft Plans Critical Internet Explorer, Windows Updates for Patch Tuesday

Microsoft announced plans today to release six security bulletins as part of this month’s Patch Tuesday.

Microsoft announced plans today to release six security bulletins as part of this month’s Patch Tuesday.

Of the six, two are rated ‘critical’, while three are rated ‘important’ and one is considered ‘moderate.’ The updates are for Microsoft Windows, and Microsoft Server Software and Internet Explorer, with the critical ones targeted at IE and Windows.

It’s the time of year where many people take vacation away from the office but this won’t be the month to push off patching, blogged Russ Ersnt, director of product management for Lumension.

“Datacenter administrators shouldn’t plan to be away too much next week since every bulletin impacts nearly every supported Windows Server version,” he added. “Two of the bulletins even impact Windows Server set to Core mode.”

Wolfgang Kandek, CTO of Qualys, called the IE bulletin the most critical, and noted it affects all versions of the browser from Internet Explorer 6 to Internet Explorer 11.

“This patch should be the top of your list, since most attacks involve your web browser in some way,” he blogged. “Take a look at the most recent numbers in the Microsoft SIR (Security Intelligence Report) report v16, which illustrated clearly that web-based attacks, which include Java and Adobe Flash are the most common.”

Bulletin 3, 4, and 5, he added, are all elevation of privilege vulnerabilities in Windows and affect all versions of Windows.

Advertisement. Scroll to continue reading.

“They are local vulnerabilities, i.e they cannot be used to achieve code execution remotely through the network, but require that the attacker already haves a presence on the targeted machine as a normal or standard user,” Kandek blogged. “Exploits for these types of vulnerabilities are part of the toolkit of any attacker as they are extremely useful, when the attackers get an account on the machine, say through stolen credentials. In any practical scenario, the attacker then wants to assure continued control of the machine and will need to become administrator of the machine to install their controlling malware. This is where these vulnerabilities come in – we consider these extremely important to fix to help frustrate or slow down attackers once they are on the target machine.”

The final bulletin is rated ‘moderate’ and impacts Microsoft Service Bus for Windows Server, Ernst explained.

“Microsoft Service Bus is a messaging service used by many third-party web applications as well as by Microsoft Azure, so even though this is rated as Moderate, it is probable that this vulnerability would be used in conjunction with other vulnerabilities to target those applications,” he blogged.

The Patch Tuesday updates will be released July 8 at approximately 10 am PT.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.