Microsoft’s July Patch Tuesday security event is next week and it is set to deliver at least nine patches. Of those patches three are rated as being critical, while six get the important label.
At the top of the critical list is Bulletin 1, which researchers suspect could be an XML vulnerability that is currently being exploited in the wild. eSecurity Planet has independently confirmed that one of the bulletins Microsoft expects to release on Tuesday is in fact the XML security issue. The flaw is related to the MSXML issue that Microsoft first disclosed Security Advisory 2719615 back in June.
That flaw is a remote code execution vulnerability in Microsoft XML Core services and could potentially enable an attacker to execute arbitrary code. As part of the June Patch Tuesday update, Microsoft issued a ‘fixit’ tool, however a formal patch was not made available.
Over the course of the last month, the vulnerability has been used in attacks.
“We have seen it actively exploited in the wild,” Chester Wisniewski, senior security researcher at Sophos told eSecurity Planet. “Not in a widespread fashion, but it is certainly available for budding hackers to exploit.”
One of the ways that hackers can simply take advantage of the MSXML flaw is by way of the open source Metasploit penetration testing tool.
“The release of the Metasploit module for the MSXML flaw makes it much easier now to include the exploit in an exploitkit, and I have heard of at least one sighting of the exploit embedded in BlackHole already,” Wolfgang Kandek, CTO of Qualys told eSecurity Planet. “So while we do not have infection numbers, we think of the MSXML flaw as high priority.”
While MSXML is likely to be the top priority flaw fixed next Tuesday, Bulletin 2 is also likely to be very high on Microsoft users’ priority lists. Kandek expects that Bulletin 2 is for Internet Explorer (IE) which would be a deviation from Microsoft’s standard practice of bi-monthly IE updates. The June Patch Tuesday update delivered 13 fixes for various IE vulnerabilities.
The July Patch Tuesday update will also mark the formal debut of an improved Windows Update client. Kandek noted that the new client has improved security measures.
“The changes are related to the Flame malware that came up with a sophisticated certificate collision attack and was able to abuse Microsoft’s update service to infect its targets,” Kandek noted in a blog post.
Sean Michael Kerner is a senior editor at eSecurity Planet and InternetNews.com, the news service of the IT Business Edge Network, the network for technology professionals Follow him on Twitter @TechJournalist.