Microsoft warns on IE9 and Windows Server flaws
Software giant’s Patch Tuesday security update prioritises remote code execution flaws.
Microsoft late yesterday released summaries of 13 bulletins it said would address security flaws across a number of systems as part of its monthly patching cycle.
While nine of the bulletins in the advanced notification
were rated "important" in terms of their threat level and two were rated as "moderate," Microsoft reserved its highest,"critical" threat level for two flaws it said could be used to compromise its browser and server products.
Wolfgang Kandek, chief technology officer at security software firm Qualys, advised enterprises running the affected Windows systems to issue the patches as soon as they become available next Tuesday.
The first critical bulletin affects Internet Explorer(IE) versions 6 to 9 running on Windows 7, Vista, XP, 2008 and 2003 operating systems (OSs). The Microsoft notice said the IE vulnerability it could enable remote code execution for attackers to take control of these systems.
The second critical bulletin the Microsoft is prepping a patch for affects Windows Server OSs. Kandek said: "Server administrators should apply patches immediately as this vulnerability also leads to remote code execution."
The remaining 11 bulletins deal with otherremote code execution vulnerabilities, as well as those that enable elevation of administrative privileges, denial-of-service attacks, and threats to information disclosure.
Of these, Kandek highlighted another remote code execution flaw rated important, affecting Windows 7 and Windows 2008 OSs. As this third bulletin only affects Microsoft's latest OSs, he said it could be could be a little difficult to exploit in comparison to the other two critical flaws.
While also rated important, the remaining remote code execution vulnerability addressed in bulletin four is in Microsoft Office product,Visio.
Kandek advised that his firm had seen other Visio vulnerabilities fairly recently. He recommended: "Include the software in your regular patching cycle and/or have users not using that software remove it from their systems," he said.
This August Patch Tuesday almost halves the number of flaws administrators will have to deal with compared to last month.
Top 5 challenges of migrating applications to the cloud
Explore how VMware Cloud on AWS helps to address common cloud migration challengesDownload now
3 reasons why now is the time to rethink your network
Changing requirements call for new solutionsDownload now
All-flash buyer’s guide
Tips for evaluating Solid-State ArraysDownload now
Enabling enterprise machine and deep learning with intelligent storage
The power of AI can only be realised through efficient and performant delivery of dataDownload now