Security Market Segment LS
Wednesday, 13 July 2011 08:45

Microsoft Patch Tuesday: four security bulletins


Microsoft has issued just four security bulletins this month, and only one is regarded as critical. A total of 22 vulnerabilities are addressed.

As foreshadowed, Microsoft has released four security bulletins this month. Windows and Visio are affected, but only one of the bulletins is rated critical and even that has limited applicability.

The critical bulletin affects Windows 7 and Vista. A vulnerability in the Windows Bluetooth stack means a series of maliciously crafted Bluetooth packets could be used to trigger remote code execution.

Vista SP1 is only affected if the Windows Vista Feature Pack for Wireless has been installed, and in any case affected operating systems are only vulnerable if Bluetooth hardware is installed. It still makes sense to apply the patch to affected versions of Windows in case a USB Bluetooth adaptor is ever plugged in.

Although the issue is regarded as critical, Microsoft's Security Research Center believes it will be difficult to build a reliable exploit for remote code execution and that denial of service (crashing) is a more likely outcome.

July's second bulletin addresses 15 vulnerabilities in Windows kernel-mode drivers, some of which could be used to gain elevated privileges. The bulletin is rated important, and all currently supported versions of Windows are affected, including Server Core installations of Windows Server 2008.

Please read on for details of the remaining Windows and Office patches.

Also rated important is a bulletin covering five privilege-escalation vulnerabilities in Windows' Client/Server Run-Time Subsystem. Again, all currently supported versions of Windows are affected.

All of the Windows vulnerabilities addressed this month were disclosed privately or discovered within Microsoft.

The final bulletin for the month addresses a publicly disclosed vulnerability in Visio. It concerns an attack vector that we've seen mentioned in other security bulletins in recent months: a maliciously crafted library file located in the same network directory as a legitimate Visio file opened by the user.

The only currently supported version affected is Visio 2003 SP3, but Microsoft has warned that Microsoft Update or Windows Update may offer the update on systems that do not have Visio 2003 installed.

Microsoft has also released updates addressing non-security issues in Windows 7, Vista, Server 2008 (including R2), and Windows Embedded DStandard 7, along with new versions of the Malicious Software Removal Tool and the Windows Mail Junk E-mail Filter.



You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer


QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.



Recent Comments