Microsoft August Patch Tuesday update offers nine updates

The fixes address Internet Explorer, Windows, Office, SQL Server, and Sharepoint vulnerabilities

Patch Tuesday

Microsoft has posted nine bulletins in its August Patch Tuesday update, covering Internet Explorer, Windows, Office, SQL Server, and Sharepoint.

Two of its bulletins are rated critical and the updates should be applied immediately because they relate to Remote Code Execution vulnerabilities, while the others are ranked important.

Bulletin #1 relates to all versions of Internet Explorer - from IE 6 up to IE 11 on both Windows RT and Windows 8.1. It fixes bugs that could allow hackers to use Remote Code Execution through malicious web pages opened using the browser.

Wolfgang Kandek CTO of Qualys said: "These pages can be on sites that are either set up specifically for this purpose, requiring him or her to attract your users to the site or are on sites that are already under control of the attacker with an established user community, such as blogs and forums."

Bulletin #2 is a critical update for Windows affecting Windows 8 and Windows 8.1 plus the Media Center TV pack for Windows Vista. The update will fix bugs relating to the graphics processing pipeline that could allow a hacker to trick users into opening a malicious file.

Bulletin #3 affects OneNote in Office 2007 and targets a vulnerability relating to the file format and Remote Code Execution. Not applying the update could result in an attacker leading you to open a malicious file sent via Outlook. Newer versions of OneNote are not affected.

Bulletin #4 addresses vulnerabilities in SQL Server 2008, 2012 and 2014. It's ranked important because although it could mean a hacker could elevate their privileges, they would already need to have an account on the machine to exploit the vulnerability.

Bulletins #5 and Bulletin #6 relate to the Windows core operating system and like Bulletin #4, involve elevation of privilege vulnerabilities for existing users on the machine. A hacker could use the local network to achieve code execution remotely. 

Kandek added: "Exploits for these types of vulnerabilities are part of the toolkit of any attacker as they are extremely useful, when the attackers gets an account on the machine, say through stolen credentials."

Bulletins #7 is a vulnerability in SharePoint Server 2013, while Bulletin #8 and Bulletin #9 are Security Feature Bypass bugs in .NET and newer versions of Windows.

Microsoft's Patch Tuesday update will be rolled out on August 12 (Tuesday). Anyone using the software and systems affected are advised to run Microsoft Baseline Security Analyzer, Windows Server Update Services (WSUS), Systems Management Server (SMS), and System Center Configuration Manager to detect and install the updates.

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Recommended

Microsoft hit with formal complaint over "monopolistic" software bundling
collaboration

Microsoft hit with formal complaint over "monopolistic" software bundling

29 Nov 2021
Gmail vs Outlook.com: Which one is better?
email providers

Gmail vs Outlook.com: Which one is better?

26 Nov 2021
Business customers can get 30% off the Surface Laptop Go for Black Friday 2021
Laptops

Business customers can get 30% off the Surface Laptop Go for Black Friday 2021

26 Nov 2021
Hackers use SquirrelWaffle malware to hack Exchange servers in new campaign
malware

Hackers use SquirrelWaffle malware to hack Exchange servers in new campaign

22 Nov 2021

Most Popular

What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
Jack Dorsey resigns as Twitter CEO
business management

Jack Dorsey resigns as Twitter CEO

29 Nov 2021
Nike to take customers into the metaverse with 'NIKELAND'
virtualisation

Nike to take customers into the metaverse with 'NIKELAND'

19 Nov 2021