July 06, 2012, 11:15 AM — When Patch Tuesday rolls around next week, Microsoft will address three critical security issues using an improved version of Windows Update that closes a loophole exploited by Flame malware.
That update to Windows Update has been distributed by Microsoft since the middle of last month but missed June's Patch Tuesday. The fix is important because it addresses the flaw that allowed Flame's authors to certify that malware they were sending to victim machines was authenticated by Microsoft, making the malware as trusted as an actual Windows security update.
As for the July security bulletin being released next Tuesday, Microsoft says it is issuing nine security bulletins, three of them critical and designed to shore up vulnerabilities in Windows. One of them also affects Internet Explorer.
Each of the critical bulletins address flaws that if exploited could result in remote code execution on attacked machines. The browser vulnerability affects Internet Explorer 9, the latest version of the software.
While Microsoft policy is not to reveal ahead of time what vulnerabilities are being addressed in its security bulletins, security experts have some idea what may be included.
"Bulletin 1, rated 'critical,' affects all versions of Windows, and we expect it to address the XML vulnerability disclosed by Microsoft in June's Patch Tuesday as KB2719615," says Wolfgang Kandek, CTO of Qualys Inc., in a blog. "This bulletin will be the highest priority for users, at least for those who did not apply Microsoft's FixIt supplied in the advisory."