Microsoft is updating its Patch Tuesday releases to give customers and security software firms advance notice before hackers can exploit holes in Windows code.
“Microsoft will be giving select companies like Trustwave a few extra days of advance notification for the upcoming month of bulletins so that we have a little extra time to develop protections for our customers before the bad guys can reverse engineer the patches and come out with exploits,” said Ziv Mador, director of security research at Trustwave.
Microsoft is also providing lists of malicious URLs, file hashes, incident data and relevant detection guidance as part of the revamped programme.
The latest Patch Tuesday release is likely to keep IT managers busy during the summer lull, with three critical updates included.
Microsoft said the critical security patch for Internet Explorer resolves 11 privately reported vulnerabilities. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted web page using Internet Explorer.
The second critical patch is designed to fix the Unicode Scripts Processor bug, which could allow remote code execution if a user views a specially crafted document or web page with an application that supports embedded OpenType fonts.
The third critical patch is for Exchange Server, which resolves three publicly disclosed vulnerabilities. The vulnerabilities exist in the WebReady Document Viewing and Data Loss Prevention features of Microsoft Exchange Server. Microsoft said the vulnerabilities could allow remote code execution in the security context of the transcoding service on the Exchange Server if a user previews a specially crafted file using Outlook Web App.
There are also several “important” patches to Windows Server, which, according to Mador, would require servers to be rebooted.