July 10, 2012 at 1:28 PM ET
Microsoft will be pushing out nine fixes for all supported versions of Windows later Tuesday. Three of the fixes are rated "critical," including one for Internet Explorer 9, the latest release of Microsoft's Web browser.
"Usually, Microsoft patches IE every other month, and we just got a cumulative update in June. That's why it's so surprising to see that IE9, the 'most secure' version of IE, will be patched next week," Andrew Storm, security chief for San Francisco risk-management firm nCircle, told PC World. "It's pretty safe to say this bulletin will patch something pretty serious."
(Msnbc.com is a joint venture ofMicrosoft and NBCUniversal.)
The IE9 patch is critical for Windows Vista and Windows 7, and "moderate" for both versions of Windows Server 2008. IE9 does not run on Windows XP or Windows Server 2003.
One of the other two critical updates applies to XP, Vista, 7, Server 2003 and both versions of Server 2008.
"We expect it to address the XML vulnerability disclosed by Microsoft in June's Patch Tuesday," Wolfgang Kandek, chief technology officer of Redwood City, Calif., security firm Qualys, told CSO Online.
Kandek was referring to a Windows flaw, discovered last month by Google researchers, that Google said was being exploited by "state-sponsored attacks." Until now, Microsoft has only been able to offer a work-around.
The third critical vulnerability applies mainly to XP, Vista and 7, and is moderate for server editions. As with the other patches, Microsoft did not specify what the vulnerabilities were.
The other six updates are rated "important" and address flaws in all versions of Windows, as well as in Microsoft Office 2003-2010 and Microsoft InfoPath, a software application to build electronic forms.
Critical updates patch security holes that could allow remote operation of applications or other software without any warning or prompt to the user, and Microsoft urges that the patches be applied immediately.
Important updates patch flaws that could allow compromise of user data, and in which the user is alerted beforehand. Microsoft recommends applying important patches "at the earliest opportunity."
Moderate updates are for those in which a vulnerability's impact is lessened by "authentication factors" or by applying only to nonstandard installations. Microsoft "recommends that customers consider" installing moderate patches.
Copyright 2012 SecurityNewsDaily, a TechMediaNetwork company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
Copyright 2013 TechNewsDaily, a TechMediaNetwork company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.