Microsoft alerted us this time about seven vulnerabilities of which five were rated critical and two important.
There are vulnerabilities in the Server service, the DHCP Client service, Excel and Office that could allow remote code execution.
A vulnerability in ASP.NET could allow an attacker to bypass ASP.Net security and gain unauthorized access to objects in the Application folder explicitly by name. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce useful information that could be used to try to further compromise the affected system.
A vulnerability in Microsoft Internet Information Services using Active Server Pages could allow an attacker to take complete control of an affected system. Note that the attacker must have valid logon credentials, but if a server has been purposely configured to allow users, either anonymous or authenticated, to upload web content such as .ASP pages to web sites, the server could be exploited by this vulnerability.
Users are recommended to update as soon as possible.
If you want more information about these Security Bulletins do check out the TechNet Webcast that will present a brief overview of the technical details of the July security bulletins followed by an extensive Q&A session that will give you the opportunity to ask questions and get answers from Christopher Budd, CISA, CISM, CISSP, ISSMP Security Program Manager, PSS Security, Microsoft Corporation.