Every Patch Tuesday, my inbox fills up with commentary from patch management experts on Microsoft's latest fixes. Rather than toss them aside, I like to run their analysis as is. With that, here's the July 2012 breakdown, in which Microsoft released nine bulletins addressing 16 vulnerabilities:

Jason Miller, Manager of Research and Development, VMware

The most important bulletin this month that administrators should look at addressing first and foremost is the Security Bulletin addressing a Zero-Day vulnerability in Microsoft XML Core Services (MS12-043). During the June 2012 Patch Tuesday, Microsoft released a Security Advisory stating they were aware of active, but limited, attacks against a vulnerability in Microsoft XML Core Services. In the past week, the code for this exploit has been made public, making this patch even more important in terms of severity. With this vulnerability, a user who browses to a malicious website with Internet Explorer can result in Remote Code Execution.

With the Security Advisory release, Microsoft offered their customers a few workarounds to mitigate the risk of an exploit happening on customer machines. If you have applied the workaround to disable Active Scripting in Internet Explorer, administrators may want to remove this locked down setting after applying the patches for this bulletin to return functionality to their users. A second option Microsoft provided to their customers is a FixIt tool that locked down MSXML with the Enhanced Mitigation Experience Toolkit (EMET). With this scenario, administrators should investigate whether to leave this lock down in place as it should not (in most cases) interfere with their users’ day-to-day browsing functionality.

There is one last note with MS12-043 that administrators should be aware of: Microsoft XML Core Services 5.0 contains the vulnerability, but a security bulletin has not been published for this version of the
software. Microsoft is still testing the code fix for the vulnerability and will make the patch available when it is ready. Look for this patch to be available within the next two weeks or in the August 2012 Patch Tuesday.

Outside of MS12-043, there are two other bulletins that administrators will want to turn their focus on. Both of these bulletins continue the trend of vulnerabilities that can be exploited through web site browsing. Web browsing attacks through malicious websites are still the most common active attack.

We are seeing for the first time in a long time that Microsoft has gone consecutive months with a Cumulative Security Update for Internet Explorer. Typically, we can expect an update to Microsoft's Internet Explorer browser every other month. Microsoft has released Security Bulletin MS12-044, a patch for Internet Explorer version 9, to address 2 vulnerabilities. If a user browses to a malicious website with Internet Explorer 9, the attack could result in Remote Code Execution.

Continuing with the browser based attacks this month, Microsoft released Security Bulletin MS12-045. This security bulletin addresses two vulnerabilities with Microsoft Data Access Components (MDAC). Similar to the previous security bulletins mentioned, navigating to a malicious website with an unpatched system can result in Remote Code Execution. In addition, a user opening a Microsoft Office document with a malicious embedded ActiveX control can result in Remote Code Execution.

Microsoft also released two new security advisories. Microsoft Security Advisory 2719662 is showing how Microsoft is assisting administrators on hardening their network. Windows Vista and Windows 7 both include Windows Gadgets and Windows Sidebar. Both of these technologies could allow a user to load a malicious plugin. Microsoft has provided administrators a FixIt tool that disables Windows Gadgets
and Windows Sidebar. It appears Microsoft is taking a more proactive approach to "patching" versus their older model of patching. As I state in all of my monthly webinars, if you do not use a program, remove it from the computer. This FixIt tool is another example of reducing the vulnerability landscape on computers.

With the other Microsoft Security Advisory (KB2728973), Microsoft released even more updates for their hardening of digital certificate effort. I will be talking later this week on this subject.

Jim Walter, manager of the McAfee Threat Intelligence Service (MTIS) at McAfee Labs:

“The Internet Explorer update should be highlighted based on ease-of-exploitation for older versions of the browser,” said Jim Walter, manager of the McAfee Threat Intelligence Service (MTIS) at McAfee Labs. “That being said, the real star of the show is MS12-043 (XML Core Services). This flaw started out as an out-of-band advisory in early June. This particular issue (CVE-2012-1889) is actively being exploited in the wild, and has been for some time. McAfee is among the Microsoft partners listed as having released protections within 48 hours of the original disclosure of this flaw. Another interesting inclusion, despite it being rated as 'Important', is MS12-051, which affects Microsoft Office for Mac. In May 2012 this privilege escalation flaw (specific to certain builds of Office for Mac) began lighting up on various forums and blogs.”

McAfee recommends that users install Microsoft’s patches as soon as possible. Home users should use Windows Automatic Updates. Microsoft has also included additional mitigations which McAfee Labs recommends all users, whether corporate or home, look closely at.

Business users need to have a risk management strategy in place to prioritize the patches.
McAfee provides enterprises with endpoint and network based security technology as well as risk and compliance tools to shield against cyberattacks and allow organizations to patch on their own time.

Marcus Carey, security researcher at Rapid7:

“The Microsoft Security Bulletin Summary for July 2012 contains nine security bulletins addressing 16 CVEs. Three of the bulletins are rated critical and the other six are rated important. All of the critical bulletins address vulnerabilities where a victim could be exploited if they visit malicious web pages, and should serve as a warning that organizations will continue to face client-side browser related attacks.

MS12-043 addresses a vulnerability that is currently being exploited in the wild, and Microsoft predicts that MS12-044 and MS12-045 could also have reliable exploit code available within 30 days. Exploits targeting these vulnerabilities will likely be added to mass malware kits such as the Blackhole Exploit Kit once reliable exploit code is available.

MS12-043 addresses the CVE-2012-1889 vulnerability that is actively being exploited in the wild. Organizations should be aware that this update only patches MSXML versions 3, 4, and 6. All active exploitation has been leveraging attacks against MSXML version 3. MSXML version 5 will be addressed in a future security update, which means organizations should apply the interim fix provided with Microsoft Knowledge Base Article 2719615 in the meantime (https://support.microsoft.com/kb/2719615).

MS12-044 is a critical cumulative Security Update for Internet Explorer. This is a critical bulletin that patches vulnerabilities that only affect Internet Explorer version 9. Since Internet Explorer versions 6, 7, and 8 are not affected, it indicates that this is a new vulnerability introduced with the new code base of version 9.

MS12-045 is a critical bulletin that patches vulnerabilities in Microsoft Data Access Components (MDAC).
It appears that this vulnerability could be used to compromise any application that leverages MDAC, if the victim visits a malicious URL.

The three critical bulletins should be tested and patched as soon as possible. Of the important bulletins, MS12-046 and MS12-048 should be next on everyone's “Must Patch” list. MS12-046 and MS12-048 can both exploit victims who navigate to malicious WebDAV or SMB shares and open malicious files in the malicious directory. These two bulletins are primed for spear phishing attacks.

MS12-046 addresses a DLL Preloading vulnerability related to Visual Basic for Applications [VBA]. There are targeted attacks in the wild that are exploiting this vulnerability. In regards to MS12-048, Microsoft predicts reliable exploit code will be developed within 30 days.

After MS12-046 and MS12-048, businesses can focus on the rest of the bulletins.”

Paul Henry, security and forensic analyst at Lumension:

IT administrators will have to deal with more fireworks this month with Microsoft’s Patch Tuesday. This month there are 9 patches, 3 of which are critical and 6 important. This is more than double last year’s July patches: 4 total, with only 1 critical. This puts Microsoft at 51 bulletins for 2012, about on par with 2011, which saw 56 bulletins at this time last year.

Looking at the bulletins, the first thing that jumps out is they impact the entire family of products, from XP all the way to 2008. This is a strange mix of patches, impacting both legacy and current generation software with critical issues. The suggested orders of priorities are MS12-043, MS12-045 and MS12-044 followed by the balance of the important bulletins released this period.

Critical issues:

MS12-043 (MSXML) Addresses 1 CVE in XML Core Services that is currently being actively exploited in IE attacks. It is rated as critical because it can provide for remote code execution.
The patch is applied across the board for all current Microsoft operating systems and may require a restart. It should be noted that in June, Microsoft issued Security Advisory 2719615 that provided a “FixIt” that blocked the IE vector for the related attack.

MS12-044 (IE) Addresses 2 CVE issues that can provide for remote code execution with Internet Explorer 9. It is rated as critical for both Vista and Windows 7 and will require a restart.

MS12-045 (MDAC) Addresses 1 CVE issue that is critical for XP, Vista and Windows 7 but is rated only as moderate for Windows 2003 and 2008. It is important to note that while the patch is applied to the operating system, the actual vector for exploitation of the vulnerability is via Internet Explorer.

The remaining bulletins are all rated important and impact a wide range of Microsoft products.

MS12-046 (VBA) Addresses 1 CVE issue that impacts Microsoft Office for 2003, 2007 and 2010, as well as Visual Basic and may require a restart.

MS12-047 (KMD) Addresses 2 CVE issues that were not fully addressed with the similar patch released in May 2012.

MS12-048 (Windows Shell) Addresses 1 CVE issue and while it can provide for remote code execution, it requires a very targeted attack vector according to Microsoft.

MS12-049 (TLS) Addresses 1 CVE issue that could be used to facilitate a man-in-the-middle (MITM) attack vector against TLS/SSL.

MS12-050 (SharePoint) Addresses 6 CVE issues that could provide for an escalation of privilege – most are XSS related.

MS12-051 (Office for Mac) Addresses 1 CVE issue that could provide for an escalation of privilege.

Security Advisories

Security advisories included in July’s Patch Tuesday include one that adds additional certificates to the untrusted store (effectively revoking them) and an advisory that provides for the disabling of the Windows Vista Sidebar. This
advisory addresses an issue where users can currently install “Gadgets” in Sidebar from untrusted sources. It is important to note that if you disable the Sidebar you effectively disable all installed Gadgets.
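
Added example (not from Microsoft or any of the commentators above): a PowerShell inventory for the MS12-043 caveat that the July update covers MSXML 3, 4 and 6 while MSXML 5 waits for a later fix. The search folders are assumptions about default install locations (msxml5.dll normally ships with Office under Common Files\Microsoft Shared); adjust them for your environment.

```powershell
# Inventory MSXML DLLs on the local machine and flag any version that the
# July 2012 MS12-043 update does not cover (MSXML 5, per the commentary above).
# Assumption: default install locations; add roots for non-standard installs.
$searchRoots = @(
    "$env:SystemRoot\System32",
    "$env:SystemRoot\SysWOW64",
    "$env:CommonProgramFiles\Microsoft Shared",
    "${env:CommonProgramFiles(x86)}\Microsoft Shared"
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Select-Object -Unique

$patchedMajors = @(3, 4, 6)   # versions the bulletin patches, as stated on this page

$found = foreach ($root in $searchRoots) {
    # System folders are searched flat; the Office shared folder needs recursion.
    $recurse = $root -like '*Microsoft Shared'
    Get-ChildItem -LiteralPath $root -Filter 'msxml*.dll' -Recurse:$recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.BaseName -match '^msxml(\d)$' } |   # skips resource DLLs such as msxml3r.dll
        ForEach-Object {
            $major = [int]$Matches[1]
            New-Object psobject -Property @{
                MsxmlVersion      = $major
                FileVersion       = $_.VersionInfo.FileVersion
                Path              = $_.FullName
                CoveredByMS12_043 = ($patchedMajors -contains $major)
            }
        }
}

$found |
    Sort-Object MsxmlVersion, Path |
    Select-Object MsxmlVersion, FileVersion, CoveredByMS12_043, Path |
    Format-Table -AutoSize

# Hosts that still carry MSXML 5 need the interim Fix it from KB 2719615
# until Microsoft ships the MSXML 5 update.
if ($found | Where-Object { $_.MsxmlVersion -eq 5 }) {
    Write-Warning 'MSXML 5 found: not covered by MS12-043; keep the KB 2719615 Fix it applied.'
}
```

FileVersion is reported so the output can be compared with the file versions listed in the bulletin after patching.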