WebProNews

Scary issues mitigated by other factors

Windows users and system administrators should breathe a little sigh of relief as Microsoft's light package of patches for July, but a recently discovered Critical problem with Snapshot Viewer still lacks a solution.

Only four July security bulletins emerged from Microsoft during their monthly patch cycle, affectionately known as Patch Tuesday. All of the bulletins received a rating of Important, meaning Windows users were spared from the threat of more dangerous Critical issues for this month, anyway.

Some have demonstrated in the past how fast an exploit for a revealed flaw might come into being. The development cycle for malware aimed at newly-disclosed flaws tightened considerably over the past few years.

Being slow to update a system, or even forgoing such security updates, left those systems exposed to exploits created to affect flaws. Automatic updates, when enables, brings in patches much faster.

This time around, Microsoft corrected a pair of privately-disclosed vulnerabilities in Outlook Web Access, both of which posed privilege elevation threats. A person with significant rights on their Windows machine hit by an attacker, who could then elevate his privileges to match the user's, could experience a lot of problems from a malicious party.

Microsoft also provided fixes for Windows Explorer, SQL Server, and the Windows Domain Name System. Though rated Important, the Windows Explorer issue started with a publicly disclosed vulnerability.

That problem posed a remote code execution threat, though not one as serious as others that have been corrected in the past. DNS required a fix to stop potential spoofing, a dangerous condition where an attacker redirects web traffic while the user thinks he is visiting a legitimate site.

SQL Server saw a quartet of issues resolved. The worst of those would have enabled a certain attack to allow for complete control of a targeted system, if successful.