MS Patch Tuesday to close kernel holes

Six security updates classified as critical will be patched in the upcoming Patch Tuesday. The advance notice for the updates notes critical remote code execution holes in Microsoft's .NET framework, Silverlight, Office, Visual Studio, Lync and Internet Explorer. Three of the fixes will affect all versions of Windows, one will affect a critical flaw that addresses Internet Explorer.

One of the critical bulletins should be dealing with the kernel problem disclosed by Google researcher Tavis Ormandy at the start of June. The problem originates in the Windows kernel's EPATHOBJ: prFlattenRec function and although he did not initially release an exploit, one was made available later and modules for Metasploit were also created. One privilege escalation flaw, classified as important, is also going to be fixed in the patch batch; listed as referring to an issue with Windows Defender for Windows 7 and Windows Defender if it has been installed on Windows Server 2008 R2.