July's Patch Tuesday fixes Windows privilege system

On its July Patch Tuesday, Microsoft released a total of seven patch packages (bulletins). All except one of them close critical vulnerabilities. The company has closed a total of 34 holes in Windows, Internet Explorer, Office and many other products, among them the Windows kernel vulnerability that has affected the Windows privilege system for over a month.

Microsoft patch packages

Google security expert Tavis Ormandy discovered the kernel hole in May and didn't wait too long before disclosing details of it on the net. Shortly afterwards, an exploit followed that opens a Windows prompt at system privilege level – regardless of the user's actual privilege level. The hole, with CVE identification number CVE-2013-3660, affects all versions of Windows. 

Microsoft didn't warn its customers about the security problem ahead of the patch day despite, according to the company, the hole being exploited for targeted attacks. Talking to The H's associates at heise Security since the disclosure, Microsoft had only said that it was investigating the problem and was working on a solution. Patch bulletin MS13-053 closes further critical security holes, including an issue in the code for processing TrueType fonts, and should be installed as soon as possible.

July's Patch Tuesday fixes Windows privilege system | The H Security