Microsoft Patch Tuesday: four security bulletins

Stephen Withers
Wednesday, 13 July 2011 08:45

Business IT - Security

Microsoft has issued just four security bulletins this month, and only one is regarded as critical. A total of 22 vulnerabilities are addressed.

As foreshadowed, Microsoft has released four security bulletins this month. Windows and Visio are affected, but only one of the bulletins is rated critical and even that has limited applicability.

The critical bulletin affects Windows 7 and Vista. A vulnerability in the Windows Bluetooth stack means a series of maliciously crafted Bluetooth packets could be used to trigger remote code execution.

Vista SP1 is only affected if the Windows Vista Feature Pack for Wireless has been installed, and in any case affected operating systems are only vulnerable if Bluetooth hardware is installed. It still makes sense to apply the patch to affected versions of Windows in case a USB Bluetooth adaptor is ever plugged in.

Although the issue is regarded as critical, Microsoft's Security Research Center believes it will be difficult to build a reliable exploit for remote code execution and that denial of service (crashing) is a more likely outcome.

July's second bulletin addresses 15 vulnerabilities in Windows kernel-mode drivers, some of which could be used to gain elevated privileges. The bulletin is rated important, and all currently supported versions of Windows are affected, including Server Core installations of Windows Server 2008.

Please read on for details of the remaining Windows and Office patches.