July 2010 Patch Tuesday Overview
Microsoft has released 4 new security bulletins in the July 2010
edition of patch Tuesday. These bulletins address 5 vulnerabilities.
It is not uncommon, and has become expected, for a light patch Tuesday
to follow a heavy patch Tuesday release from Microsoft. Last month,
Microsoft released a hefty load of patches with 10 security bulletins
addressing 34 vulnerabilities.
The security bulletin that administrators should address first on their
machines is MS10-042. This security bulletin addresses a currently
exploited vulnerability in the wild affecting the Windows Help system.
Earlier this month, this vulnerability and exploit code was released
by a security researcher prompting Microsoft to release Security
Advisory 2219475. For any zero day exploit, administrators should
deploy the patch as soon as possible.
A second Security Advisory, 2028859, is being closed out with the
release of Security Bulletin MS10-043. There are no current exploits
being reported from Microsoft against this vulnerability although the
vulnerability was publically disclosed. The last two bulletins affect
Microsoft Office programs and each can lead to remote code execution
on an affected machine.
This may seem like a light patch month in the amount of effort
required by administrators to protect their networks, but all
administrators could have quite a work load as Windows 2000 and
Windows XP SP2 have officially reached end of life support. These
operating systems will no longer be supported after today's patch
Tuesday. Microsoft will not be supplying new Security Bulletins for
these operating systems going forward. It is important for
administrators to use this light patch month to identify these systems
on their network and upgrade the machines to a supported operating
system or service pack level. Unlike patching, deploying new
operating systems or service packs can be quite an undertaking as it
requires plenty of time and effort.
- Jason Miller