Microsoft’s July Patch Day is live and ready for download, so go grab those updates. I recommend you work on the Windows kernel-mode driver and .NET ones first.
According to their summary post, Microsoft released seven security bulletins today, six of which they rate as Critical. The bulletins include updates to fix 36 vulnerabilities in many popular Microsoft products, including Windows, Internet Explorer (IE), Office, the .NET Framework, Silverlight, and Defender. Attackers are exploiting at least one of these flaws in the wild.
I always recommend you apply Microsoft’s Critical updates as soon as possible, but there are two in particular that you should jump on immediately. The first fixes vulnerabilities in Windows’ kernel-mode driver (MS13-053), one of which was disclosed a while ago by a Google researcher. The researcher has already released proof of concept (PoC) code for this flaw, and Microsoft is aware of attackers leveraging it in targeted attacks. Next, you should also apply Microsoft’s .NET Framework and Silverlight patch quickly, since at least two of its flaws were disclosed in detail before today’s updates came out.
That’s not to say you should slack off on the other updates. I think the IE patch is pretty important too, as are any updates Microsoft rates Critical. So I’d recommend you apply all six of the Critical updates today if you can. Of course, I still recommend you test Microsoft’s updates in a non-production environment before pushing them to any critical production server. It may be OK to quickly patch client machines without testing, but you don’t want any surprises with your critical servers.
We’ll share more details about Microsoft’s bulletins in upcoming alerts, posted throughout the day. We’ve posted Microsoft’s update matrix below, for your convenience. — Corey Nachreiner, CISSP (@SecAdept)