News

Nine Security Patches To Come on Tuesday

Expect nine patches in Microsoft's August security update, according to an advanced notification from Redmond, which suggested that five "critical" and four "important" bulletins will be seen on Tuesday.

The potential heavy hit comes after IT pros reel from two off-cycle Microsoft security bulletins released just last week. From a patching perspective, it's as if July slid into August without a break.

The usual suspects are expected to appear in the August slate, including remote code execution (RCE), elevation-of-privilege and denial-of-service risk considerations. All the fixes will be for Windows and related components.

What's unique for this month will be a critical cluster fix involving Microsoft Office, Visual Studio, Internet Security and Acceleration (ISA) Server, and BizTalk Server. This particular security bulletin likely will raise eyebrows among security pros, since Visual Studio and ISA Server were both patched in July.

Critical Patches
Microsoft provided a preview of the five critical fixes expected in its monthly security update.

The first critical fix will be for Office Web Components in Microsoft Office 2000 and 2003, as well as in Microsoft Office Small Business Accounting 2006. However, this fix also relates to Visual Studio .NET 2003, ISA Server 2004 and 2006, plus BizTalk Server 2002. The patch is designed to thwart RCE exploits in all these different products.

The second critical fix will address RCE exploits in supported Windows OS versions ranging from Windows 2000 to Windows Vista, as well as Windows Server 2003 and 2008. It also will plug holes in the Windows Client for Mac, which is a remote desktop function allowing users to connect to Windows-based workstations on a Mac.

Critical fix No. 3 only affects Windows Server 2000 and Windows Server 2003. The fourth critical patch affects all supported Windows OS versions.

The fifth and final critical patch will be for Outlook Express and Windows Media Player on every supported Windows OS version.

Important Patches
Microsoft also provided a peek at some of the important patches to expect next Tuesday.

Important fix No. 1 will have elevation-of-privilege considerations. Left unpatched, hackers may be able to use this vulnerability to promote their user status, or that of their automated proxies, to super-user status on a given system. XP, Vista and Windows Server 2003 and 2008 are all scheduled to get this patch.

The second important bulletin also will be an elevation-of-privilege patch. It will affect every Windows OS except for Windows Server 2008.

The third important item will deal with Redmond's .NET Framework for Vista and Windows Server 2008. It's designed to stave off denial-of-service attacks. Left unpatched, the exploit could leave administrators and Web developers locked out of the system.

The fourth and final fix in the important roster of security bulletins will affect all supported Windows OSes. It's designed to hold RCE exploits at bay in an as-yet-unspecified Windows component.

IT pros can expect to be kept busy with this upcoming August security update. Only the .NET Framework patch will not require a restart, according to Microsoft.

Meanwhile, IT pros can get a jump-start on Redmond's nonsecurity updates coming this month through Windows Update, Microsoft Update and Windows Server Update Services. A good place to start is this knowledgebase article.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Tamper Protection Now Available to Microsoft Defender ATP Subscribers

    The Microsoft Defender Advanced Threat Protection (ATP) E5 subscription plan now has an optional "tamper protection" security feature, Microsoft announced on Monday.

  • Exploring OCR, a New Way To Get Data into Excel

    Microsoft recently added a new optical character recognition feature to Excel that lets users import data from a photograph taken from a smartphone. Here's how to use it.

  • Microsoft Authenticator App To Get Real-Time Phishing Protections

    Microsoft is working on adding capabilities to its Microsoft Authenticator app to help defeat security breaches enabled by advanced attack techniques, including phishing and man-in-the-middle methods.

  • A Quicker Way To Create Hyper-V Inventory Reports

    If you need to generate Hyper-V inventory reports but don't want the hassle of writing your own custom PowerShell script, here is a shortcut.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.