Microsoft announces July Patches

According to Microsofts announcement of the next Black Tuesday the company plans to release six security bulletins. Three of those are dealing with security holes deemed critical by Microsoft, while the other three are only rated “important”.

Among those three critical vulnerabilities there is one in DirectX. It seems that the Redmond company plugs the holes which are currently attacked in the wild. We detect the JavaScript used to exploit the vulnerability generically up to all currently known versions as “HTML/Shellcode.Gen”. Halvar Flake has a nice writeup in his blog with details of the flaw and shows “how deep the rabbit hole really goes”.

While it stays unclear what the other two Windows vulnerabilities are, there will be updates which wipe out the important security flaws within Publisher from Microsofts Office suite, within VirtualPC and Virtual Server and in the ISA Server. Two of the updates will require a restart, so prepare for some downtime next Tuesday!

Dirk Knop
Technical Editor