Twelve Microsoft fixes coming on Patch Tuesday

Microsoft Tuesday will release a dozen new security bulletins for its Windows and Office products, likely including fixes for several outstanding PowerPoint flaws.

It may be a case of the summertime blues for patch managers with Microsoft's announcement that it will release 12 security updates on 8 August.

Specifically, Microsoft will release 10 Windows security bulletins and two for Office, although it is unclear just how many of the 12 security fixes are critical. Some of these will involve critical security holes, according to the pre-release bulletin on the company's TechNet site.

This follows the software giant's July release of seven security problems and June's release of 13 such bulletins.

The 10 Windows updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool, and some updates will require a restart. The two Office updates can be detected using the Baseline Security Analyzer and may also require a restart.

It is likely that one of the Office security patches will be a fix for zero-day PowerPoint flaw that Microsoft said recently was critical enough to merit a fix on or before 8 August. 

When exploited, it arrives by email as a Microsoft PowerPoint document attachment. After a recipient opens the document, the vulnerability is triggered and attackers can then run malicious code on the affected machine.

It's doubtful any of the patches will address a newly discovered Windows vulnerability involving a NULL pointer dereference error in the server drivers, which attackers can exploit to crash a system using a specially crafted network packet.

As is its monthly practice, Microsoft will release an updated version of its Malicious Software Removal Tool and it will host a webcast Wednesday to answer questions IT administrators may have.

"Although we do not anticipate any changes, the number of bulletins, products affected, restart information and severities are subject to change until released," Microsoft said.

Read more on IT risk management