Microsoft to Issue 7 Security Patches
Microsoft plans to release 7 security bulletins as part of its July 11 Patch Tuesday, the company said Thursday. Four of the updates are for Windows, with the most severe being rated as "critical." Three other patches are directed at Office, also with a maximum severity of "critical."
Although Microsoft does not disclose in advance what flaws are to be patched, two vulnerabilities in Excel are likely to be among the fixes. One issue relates to maliciously crafted spreadsheet files that could lead to a full system compromise, while the other relates to hyperlinks in Excel documents.
Two security flaws affecting Internet Explorer were also reported last week, including a cross-site scripting issue where an attacker could view information in an open browser window from another that is visiting a malicious site.
A second more serious flaw involves how HTA applications are handled. A user could be tricked into opening a malicious file, which in turn could execute code. The file would need to be accessed through SMB or WebDAV in order for the issue to be exploited.
Microsoft said last week that it was investigating the issues, but it's not clear if the company has had time to develop and properly test a fix.
Along with the 7 security patches, Microsoft will release one high-priority non-security update that is not for Windows. Per usual, the Redmond company will also deliver an update to its Malicious Software Removal Tool on Tuesday.