Microsoft issued its advanced bulletin notification for its July 2012 Patch Tuesday this week. The software maker says it will release nine patches in total next Tuesday, with three of them rated critical and six listed as important. Out of the three critical patches, one will address a vulnerability that affects Internet Explorer 9. "It doesn't affect IE9's predecessors, which means that it was introduced in the latest iteration of the browser," explains Marcus Carey, security researcher at Rapid7. "If you are running IE9, you should definitely apply this patch."
The two other critical bulletins could allow malicious users to remotely execute code on Windows operating systems, including all supported server and client versions. "Many are expecting a patch for CVE-2012-1889: a vulnerability in Microsoft XML Core Services, which is currently being exploited in the wild," says Carey, but it's not clear whether this particular issue will be addressed in the July Patch Tuesday release.