Microsoft Patch Tuesday to close kernel hole
Seven security updates, six of them classified as critical by Microsoft, will be closed on the upcoming patch Tuesday. The advance notice for the updates notes critical remote code execution holes in Microsoft's .NET framework, Silverlight, Office, Visual Studio, Lync and Internet Explorer. All versions of Windows are affected by at least three of the critical holes and all versions of Internet Explorer are affected by the critical flaw addressed by one of the fixes.
One of the critical bulletins should be dealing with the kernel problem disclosed by Google researcher Tavis Ormandy at the start of June. The problem originates in the Windows kernel's
EPATHOBJ::pprFlattenRec function and although he did not initially release an exploit, one was made available later and modules for Metasploit were also created. One privilege escalation flaw, classified as important, is also going to be fixed in the patch batch; listed as referring to an issue with Windows Defender for Windows 7 and Windows Defender if it has been installed on Windows Server 2008 R2.
Note: This item has been edited to better reflect what is known about which flaws are fixed in which bulletins.