Microsoft system administrators need to brace themselves for today's Patch Tuesday, when Redmond will run several critical updates affecting every version of Windows running on any type of hardware.
In the Advance Notification issued last week, Microsoft alerted customers that the July release of security updates will include six "critical" updates that will require every version of Windows, from Windows XP all the way up to 8.1, to be patched by administrators. Updates will also impact as Internet Explorer, Lync, Silverlight, and the .NET Framework.
The patches carry unusual significance, Paul Henry, security and forensic analyst with Lumension, told CRN:
This is one of the uglier releases we've seen from Microsoft this year. To say that all Microsoft products are affected and everything is affected critically is not an understatement. It's difficult to prioritize one or two because all the bulletins are significant this Patch Tuesday.
The unusually high number of critical updates will bring Microsoft's yearly total to 22. The company ended 2012 with 34 critical flaws overall.
The six bulletins listed as critical all deal with remote code execution, which can give hackers and malware writers the ability to assign themselves as administrators on Windows systems and install malware without user permission or alerting security systems.
The seventh bulletin is rated as "important." It allows hackers to elevate their privileges by exploiting Windows Defender running on Windows 7 or Server 2008 R2.
Several of the updates address a zero-day flaw identified and publicized by Google researcher Tavis Ormandy, which identified a problem in the kernel of Windows 2000 and above that affects the user privileges of the logged-on user. Microsoft is also expected to issue a number of non-security related fixes to its Surface Pro and Surface RT tablets.
Microsoft typically keeps details of security flaws and fixes confidential until patches are released, which should happen around midday today. A webcast discussing the technical details of the bulletins is planned for Wednesday, July 10, at 11:00 a.m. PT to allow customers to ask questions.