News

9 Fixes Scheduled for Microsoft's August Security Update

Microsoft's August Patch Tuesday release will feature nine bulletin items, with five being rated "critical", according to Microsoft's Security Bulletin Advance Notification.

Microsoft's OS is the largest target of this month's batch of fixes, as three of the five critical items and two "important" bulletins feature tweaks for multiple versions of Windows.

"It's a busy Patch Tuesday this month, with lots of reboots, affecting all versions of Windows," commented Paul Henry, Security and Forensic Analyst for security firm Lumension. "No one gets a break this month. Some of the updates this month will have far reaching impact and they include patches to new problems, updates to old problems and something that might cause you a little more work than you might have been anticipating this month."

All five critical items and three of the five important bulletins address remote code execution flaws, while a lone elevation of privilege fix for Windows makes up the final item.
Along with Windows, Microsoft Office, Internet Explorer, SQL Server and Microsoft Developer Tools will be targeted for this month's update.

Security experts are advising that IT prioritizes bulletin 5 to the top of the list on Tuesday, as it addresses a known problem with the Oracle software Outside In, which is licensed in Exchange.

This [bulletin] is interesting from an exploitation standpoint because Exchange servers are usually exposed on the Internet," said Marcus Carey, security researcher at Rapid7, in an e-mailed statement. "When attackers hear 'remote code execution on Exchange' it's music to their ears. They could see potential for remote discovery, remote exploitation and propagation of attacks since Exchange is the epicenter of most organizations' communications. Email servers are prime targets for exploitation."

Look for more information on August's Security Update once released this Tuesday around 10 a.m. PST.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Surface and ARM: Why Microsoft Shouldn't Follow Apple's Lead and Dump Intel

    Microsoft's current Surface flagship, the Surface Pro X, already runs on ARM. But as the ill-fated Surface RT showed, going all-in on ARM never did Microsoft many favors.

  • IT Security Isn't Supposed To Be Easy

    Joey explains why it's worth it to endure a little inconvenience for the long-term benefits of a password manager and multifactor authentication.

  • Microsoft Makes It Easier To Self-Provision PCs via Windows Autopilot When VPNs Are Used

    Microsoft announced this week that the Windows Autopilot service used with Microsoft Intune now supports enrolling devices, even in cases where virtual private networks (VPNs) might get in the way.

  • Most Microsoft Retail Locations To Shut Down

    Microsoft is pivoting its retail operations to focus more on online sales, a plan that would mean the closing of most physical Microsoft Store locations.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.