Microsoft plan 'low-key' patch Tuesday

No ‘critical’ fixes for July…

Microsoft is planning to issue a relatively low-key monthly security update this month. The July instalment of the Patch Tuesday update will contain four bulletins, each addressing vulnerabilities rated ‘important’, the third of Microsoft’s four security alert levels. If no new bulletins are added before the release on 8 July, it will be the first month since the update-free March 2007 in which Microsoft has not released a fix for a ‘critical’ vulnerability.

Of the four bulletins due to be released, only one addresses an issue which could allow for remote code execution, a common target for malware attacks. Microsoft did not specify the exact location of the flaw, but said that it arises only in Windows Vista and Server 2008 systems. Two of the bulletins repair vulnerabilities that could be used by an attacker to obtain elevated privileges on a targeted system. One of the bulletins affects only Exchange Server, while the second will be issued for the SQL components in Windows 2000, Server 2003 and Server 2008. The fourth bulletin will address a flaw in Windows 2000, XP Server 2003 and Server 2008.

The July security update is expected to be released next Tuesday during US business hours.