Microsoft's July Patch Tuesday 'Ugly', Expert Says

Dennis Faas's picture

Another Patch Tuesday, another 'critical' update for Internet Explorer. This month's Patch Tuesday provides fixes for a total of seven security issues, the most important of which involves Microsoft's popular web browser.

Microsoft says its Patch Tuesday fixes affect most versions of the Windows operating system, the .NET Framework, Silverlight, the Office software suite, Visual Studio, and Internet Explorer (IE).

Each of these security bulletins is marked 'critical,' which is Microsoft's highest security rating.

A seventh bulletin has been marked 'important' and is associated with Microsoft's Windows Defender, the free security software (also known as Security Essentials) that now ships with the Windows 8 operating system.

'Critical' Fix Addresses IE Zero-Day Flaw

However, the most crucial security bulletin affects a problem with Internet Explorer.

According to Wolfgang Kandek, a security expert at Qualys, the critical fix issued by Microsoft addresses an Internet Explorer zero-day security flaw found in Windows XP, Windows Vista, Windows 7, Windows 8, Windows RT, and Windows Server 2003 and 2008.

The vulnerability, which has been given the technical title CVE-2013-3660, has been referred to as "a publicly known issue in the kernel-mode drivers component of Windows." (Source:

July Patch Tuesday 'Ugly,' Security Expert Says

Overall, this Patch Tuesday features an average number of security bulletins. However, because so many of those bulletins are marked 'critical,' many security experts are alarmed.

"This is one of the uglier releases we've seen from Microsoft this year," said Lumension security analyst, Paul Henry.

"To say that all Microsoft products are affected and everything is affected critically is not an understatement. It's difficult to prioritize one or two because all the bulletins are significant this Patch Tuesday."

According to Rapid7 security engineering senior manager Ross Barrett, that means it's "going to be a busy month for security teams everywhere." (Source:

This month's Patch Tuesday now brings the total number of 'critical' updates released in 2013 to 22.

Microsoft plans to release the security updates on July 9 at 10am Pacific Time.

Rate this article: 
No votes yet