Microsoft Readies 'Critical' Updates for Windows, IE and Exchange for August Patch
Microsoft's light monthly update will feature a majority of fixes for Windows.
As with every Thursday before Microsoft's Patch Tuesday release, Redmond has sent along its purposely vague information on what IT can expect for the upcoming security update.
This month will feature three bulletin items rated "critical" and five designated "important." The most noteworthy of the three is a Windows XP and Windows Server 2003 bug that can be remotely executed if gone unpatched. With official support for Windows XP ending in April 2014, this looks to be one of the final fixes for the aging OS. Those not running XP will be excused from this update.
Keeping its streak alive, this month also features yet another critical Internet Explorer fix on all versions of the Microsoft browser. It's advised that IT get this one rolled out as soon as possible due to the relative ease it is to exploit, especially if employees' security browsing habits are less than safe.
Finally, the third is a somewhat rare fix for Exchange -- a remote code execution issue found in all versions.
The five important items look to address elevation of privilege, denial of service and information disclosure flaws all found in different versions of Windows.
While only coming packed with three critical security fixes for the month (two if you've already moved off XP) puts August's patch on the lighter side, 2013 has been a busy year for both Microsoft's security team and IT pros. Paul Henry, security and forensics analyst at Lumension, breaks down the numbers for us:
"With 8 bulletins today, Microsoft's year-to-date total is 65 patches," said Henry in an e-mailed response. "For anyone keeping track, that's seven more than what we had covered off on last year at this time. At the start of the year, we anticipated higher numbers in 2013 given Microsoft's commitment to cleaning up the low hanging fruit out there. Last year at this time there were 35 important patches issued; we now see 40. Our criticals in 2013 number 25 with 35 in total for 2012. Good news there."
As always, look for more details and the actual patch to land on Tuesday morning.