Microsoft July Security Updates Mostly Browser-Related

Published: 22/11/2024   Category: security




Patch Tuesday includes 53 security updates, including mitigation for the latest side-channel attack.



Microsoft issued a range of security patches today, including its anticipated exploit-mitigation update for the so-called Lazy FP State Restore vulnerability in Intel microprocessors.
Intel late last month disclosed Lazy FP State Restore (CVE-2018-3665), the latest speculative execution side-channel vulnerability to be discovered since the first two, Meltdown and Spectre. This class of microprocessor flaws lets an attacker steal data, including cryptographic secrets.
Microsoft's new mitigations for Lazy FP provide protections from the attack for Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and x64-based Windows 8.1 and 10. Microsoft last month published information on the attack, which, like other Meltdown/Spectre-type vulnerabilities, requires the attacker to execute code on the vulnerable computer.
"These are all mitigations and not really remediations," says Jimmy Graham, director of product management at Qualys. "So they are really just preventing exploitation, even though the vulnerability is still there."
In all, Microsoft issued 53 CVE updates today, 17 of which were critical. Meanwhile, Adobe released a whopping 105 updates, with the majority of critical ones for Acrobat and Reader. Just one critical vuln fix was issued for the notoriously buggy Flash. Microsoft issued several patches for Flash updates on its platforms as well.
Microsoft patched Internet Explorer (IE), Edge, ChakraCore, Windows, .NET Framework, ASP.NET, PowerShell, Visual Studio, and Microsoft Office and Office Services. Among the critical bugs were memory corruption vulns in IE and Edge browsers, as well as its Chakra platform. 
Browsers were the main theme in this month's Patch Tuesday, mainly because there were relatively and uncharacteristically few Windows patches, notes Graham. He recommends that organizations prioritize the browser patches for workstations and workstation-type devices. "There are systems that could get overlooked [here], like multiuser servers like Citrix. They are behaving like workstations and need to be patched as well," Graham says.
Meantime, Adobe's continued high volume of vulnerabilities has echoes of previous Windows problems.
"In the past, we saw Microsoft implement mitigations for certain types of vulnerabilities that shut down entire classes of bugs. To address the substantial number of bugs we continue to buy in Adobe products, they may need to take a similar approach," says Dustin Childs, communications manager for Trend Micro's ZDI team.
Qualys' Graham notes that there were more than 50 critical CVEs associated with Acrobat and Reader.