Microsoft fixes 22 flaws in July Patch Tuesday security update

Microsoft has posted four bulletins in its latest monthly security release containing fixes for 22 flaws in Windows and Office.

One of the flaws has been classified as a 'critical' security risk, while the remaining three have been classified as 'important'.

The critical patch addresses a flaw in the Windows Bluetooth Stack component. If an attacker were to target a system with specially-crafted Bluetooth packets, a vulnerable system could be compromised to give an attacker full control, including the ability to create new accounts and execute code.

The majority of this month's flaws are addressed in two Windows bulletins addressing 15 flaws in Windows Kernel-Mode drivers and five in the Windows Client/Server Run-Time subsystem.

If exploited, the flaws could allow an attacker to obtain elevation of privileges on a targeted system.

The final bulletin covers a flaw in Microsoft Visio which could allow remote code execution depending on the access rights of the targeted account.

Microsoft said that the attack would require convincing the user to open a Visio located in the same network directory as a secondary attack file.

The light bulletin load is in contrast to last month's release, which contained 16 bulletins, but experts are urging users and administrators to install the updates as soon as possible.

"Today's Patch Tuesday, though light, should not be ignored as these patches address vulnerabilities that allow attackers to remotely execute arbitrary code on systems and use privilege escalation exploits," said McAfee Labs director of research and communications Dave Marcus.