News

9 Fixes Scheduled for Microsoft's August Security Update

Microsoft's August Patch Tuesday release will feature nine bulletin items, with five being rated "critical", according to Microsoft's Security Bulletin Advance Notification.

Microsoft's OS is the largest target of this month's batch of fixes, as three of the five critical items and two "important" bulletins feature tweaks for multiple versions of Windows.

"It's a busy Patch Tuesday this month, with lots of reboots, affecting all versions of Windows," commented Paul Henry, Security and Forensic Analyst for security firm Lumension. "No one gets a break this month. Some of the updates this month will have far reaching impact and they include patches to new problems, updates to old problems and something that might cause you a little more work than you might have been anticipating this month."

All five critical items and three of the five important bulletins address remote code execution flaws, while a lone elevation of privilege fix for Windows makes up the final item.
Along with Windows, Microsoft Office, Internet Explorer, SQL Server and Microsoft Developer Tools will be targeted for this month's update.

Security experts are advising that IT prioritizes bulletin 5 to the top of the list on Tuesday, as it addresses a known problem with the Oracle software Outside In, which is licensed in Exchange.

This [bulletin] is interesting from an exploitation standpoint because Exchange servers are usually exposed on the Internet," said Marcus Carey, security researcher at Rapid7, in an e-mailed statement. "When attackers hear 'remote code execution on Exchange' it's music to their ears. They could see potential for remote discovery, remote exploitation and propagation of attacks since Exchange is the epicenter of most organizations' communications. Email servers are prime targets for exploitation."

Look for more information on August's Security Update once released this Tuesday around 10 a.m. PST.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Microsoft Previews Windows Autopilot for HoloLens 2

    Microsoft on Friday announced a public preview of Windows Autopilot for HoloLens 2, its mixed-reality headset.

  • Microsoft Flirts with Charging for API Software Connections

    Microsoft may have started something new by attempting to charge its customers for software that uses its application programming interfaces (APIs).

  • Overcoming Spacesuit Anxiety During Astronaut Training

    Spacesuits are heavy, claustrophobic and hot -- an uncomfortable combination for many would-be astronauts. Here's how Brien came around to the idea of wearing one.

  • Microsoft Announces Azure Kubernetes Service Enhancements

    Microsoft this week announced a few Azure Kubernetes Service (AKS) product milestones as part of the KubeCon event.

comments powered by Disqus