Microsoft warns on IE9 and Windows Server flaws

Software giant’s Patch Tuesday security update prioritises remote code execution flaws.


Microsoft late yesterday released summaries of 13 bulletins it said would address security flaws across a number of systems as part of its monthly patching cycle.

While nine of the bulletins in the advanced notification

were rated "important" in terms of their threat level and two were rated as "moderate," Microsoft reserved its highest,"critical" threat level for two flaws it said could be used to compromise its browser and server products.

Advertisement - Article continues below

Wolfgang Kandek, chief technology officer at security software firm Qualys, advised enterprises running the affected Windows systems to issue the patches as soon as they become available next Tuesday.

The first critical bulletin affects Internet Explorer(IE) versions 6 to 9 running on Windows 7, Vista, XP, 2008 and 2003 operating systems (OSs). The Microsoft notice said the IE vulnerability it could enable remote code execution for attackers to take control of these systems.

The second critical bulletin the Microsoft is prepping a patch for affects Windows Server OSs. Kandek said: "Server administrators should apply patches immediately as this vulnerability also leads to remote code execution."

The remaining 11 bulletins deal with otherremote code execution vulnerabilities, as well as those that enable elevation of administrative privileges, denial-of-service attacks, and threats to information disclosure.

Advertisement - Article continues below

Of these, Kandek highlighted another remote code execution flaw rated important, affecting Windows 7 and Windows 2008 OSs. As this third bulletin only affects Microsoft's latest OSs, he said it could be could be a little difficult to exploit in comparison to the other two critical flaws.

Advertisement - Article continues below

While also rated important, the remaining remote code execution vulnerability addressed in bulletin four is in Microsoft Office product,Visio.

Kandek advised that his firm had seen other Visio vulnerabilities fairly recently. He recommended: "Include the software in your regular patching cycle and/or have users not using that software remove it from their systems," he said.

This August Patch Tuesday almost halves the number of flaws administrators will have to deal with compared to last month.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now



10 quick tips to identifying phishing emails

16 Mar 2020
mergers and acquisitions

Panda Security to be acquired by WatchGuard

9 Mar 2020
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Mobile Phones

Apple lifts iPhone purchase restrictions

23 Mar 2020
operating systems

Report: Apple is aware of iOS 13 hotspot disconnect issue

23 Mar 2020
cyber security

Critical NHS cyber security checks suspended due to coronavirus response

19 Mar 2020
operating systems

How to speed up Windows 10

4 Mar 2020