Only four bulletins in July’s Patch Tuesday, but patching a not insignificant 22 vulnerabilities. Only one of the bulletins is classified “critical”: MS11-053. This should be taken seriously as it can allow remote command execution to clients on Windows 7 and Windows Vista. This could affect both consumer and corporate users.
In addition, wireless vulnerabilities like this one (MS11-053) are always considered quite sexy because if successfully exploited they allow attackers to do anything they want to the machine through Bluetooth wireless devices. To successfully exploit this vulnerability an attacker may need specialized equipment to actually transmit the specially crafted Bluetooth traffic. This should concern users who have internal Bluetooth devices or people that use after-market Bluetooth headphones, mouses, keyboards, and printers through USB. The problem with Bluetooth is that often people have their Bluetooth devices activated and are totally unaware that they are transmitting.
For companies that require remote workers to connect via VPN or directly to their office for updates, it is essential that all Bluetooth users are made aware of the risks and limit their Bluetooth usage until theycan be patched.
We can expect more Bluetooth related bugs popping up due to projects like Project Ubertooth, which is enabling security researchers to experiment with Bluetooth hardware and communication. While critical, this vulnerability could be difficult to exploit as generally speaking attackers would need to be in the immediate vicinity of the Bluetooth device to compromise it; however, there are devices known as “Bluetooth Sniper Rifles” that enable attacks from greater distances.
Finally, regarding the bulletin for Visio, this is rated “important” and will not affect many people outside corporate circles; however, organizations that are using it will need to be patched, and in the meantime should be wary of Visio files sent from unknown sources.
For more information on July's Patch Tuesday, go here.