This month’s updates will become available around 10am PST on July 8. There are expected to be six bulletins, with associated updates affecting Windows and Internet Explorer. Two are tagged as Critical.
The official advance notification bulletin has all the technical details, while as usual there’s a less technical summary over on the MSRC blog.
One of the updates made available by Microsoft for June’s Patch Tuesday makes Internet Explorer much more resistant to attacks based on a particular form of security flaw known as ‘use after free‘.
Ars Technica has additional details.
Microsoft is apparently trying to reduce the amount of work they face when creating software updates.
The latest wrinkle is that anyone running Internet Explorer 11 on Windows 7 must install update KB2929437 in order to continue receiving updates for Internet Explorer.
In other words, if you fail to install KB2929437, you will stop seeing updates (including critical security updates) for Internet Explorer in Windows Update and Autoupdate.
This month there are seven bulletins, with related patches affecting Internet Explorer, Windows and Office. A total of sixty-six security vulnerabilities are fixed with these updates.
Note that Microsoft is recommending upgrading to the latest version of Internet Explorer. IE 11 contains security features not found in previous versions and is therefore somewhat more secure than those older versions. Anyone still using Internet Explorer would do well to follow this advice.
Note also that this is the last set of updates that will be available for Windows 8.1 installations without Update 1. In other words, if you’ve held off on installing Update 1, you won’t get any updates next month or after that.
This month there will be seven bulletins and associated updates for Windows, Office and Internet Explorer. Two are rated Critical.
One of the updates will fix the recently-discovered vulnerability in Internet Explorer 8.
The official advance warning bulletin has all the technical details.
Chrome, Firefox and Internet Explorer can be tricked into revealing your browsing history by unscrupulous web site owners.
The new vulnerability is similar to one that was discovered, then patched, in the major browsers several years ago. The new technique uses a different approach to accomplish the same thing.
Browser developers are working on fixes for this vulnerability, but in the meantime, anyone concerned about their browser history potentially being revealed should get into the habit of clearing their history frequently. Alternatively, you could switch to a privacy-oriented browsing solution such as the Tor Browser Bundle.
Zero Day Initiative, a security vulnerability reporting initiative funded by HP, recently announced a vulnerability affecting Internet Explorer 8 (and possibly other versions).
The vulnerability was originally discovered and reported to Microsoft in October 2013, and confirmed by Microsoft in February 2014. Since Microsoft has not yet issued a patch, ZDI announced the vulnerability in keeping with their disclosure policy.
Anyone using Internet Explorer is strongly encouraged to install and use Microsoft EMET, which will help to mitigate this vulnerability.
Update 2014May25: Despite some reports to the contrary, Microsoft is planning to fix this vulnerability. The problem only seems to affect IE8, and no exploits have yet been seen in the wild.
Adobe has settled into a routine of publishing updates for its software on the second Tuesday on each month, in line with Microsoft’s practices. Today Adobe announced updates for Flash and Reader/Acrobat.
Both the Flash bulletin and the Reader/Acrobat bulletin are a bit light on details, saying only that the updates address critical vulnerabilities in the software.
The release notes for the new version (13.0.0.214) of Flash go into more details, although most of the information is about new features.
As usual, Google Chrome and Internet Explorer on Windows 8.x will be updated automatically and via Windows Update, respectively.
This month’s crop of updates addresses thirteen vulnerabilities in Windows, Office, Internet Explorer, SharePoint and .NET.
There are eight bulletins, with two of them being flagged as Critical.
There are no updates for Windows XP this month, so it looks like Microsoft really has put the final nail in XP’s coffin.
The summary bulletin on the TechNet Security TechCenter has all the gory details. As usual, there’s a friendlier summary on the MSRC blog. The SANS Handler’s Blog has a slightly different take on this month’s updates.
Next Tuesday we’ll find out whether Microsoft is going to stick to its original plan and stop providing Windows XP security updates to us ordinary folks.
According to the Advance Notification post on the MSRC blog, this month’s updates will include eight bulletins, with two of those being Critical. The updates affect the usual suspects, including Windows, Office, Internet Explorer and .NET.
The more technical Advance Notification security bulletin on the TechNet Security Tech Center blog definitely does not list Windows XP anywhere.
boot13