Microsoft August Patch Tuesday update offers nine updates

The fixes address Internet Explorer, Windows, Office, SQL Server, and Sharepoint vulnerabilities

Patch Tuesday

Microsoft has posted nine bulletins in its August Patch Tuesday update, covering Internet Explorer, Windows, Office, SQL Server, and Sharepoint.

Two of its bulletins are rated critical and the updates should be applied immediately because they relate to Remote Code Execution vulnerabilities, while the others are ranked important.

Bulletin #1 relates to all versions of Internet Explorer - from IE 6 up to IE 11 on both Windows RT and Windows 8.1. It fixes bugs that could allow hackers to use Remote Code Execution through malicious web pages opened using the browser.

Wolfgang Kandek CTO of Qualys said: "These pages can be on sites that are either set up specifically for this purpose, requiring him or her to attract your users to the site or are on sites that are already under control of the attacker with an established user community, such as blogs and forums."

Bulletin #2 is a critical update for Windows affecting Windows 8 and Windows 8.1 plus the Media Center TV pack for Windows Vista. The update will fix bugs relating to the graphics processing pipeline that could allow a hacker to trick users into opening a malicious file.

Bulletin #3 affects OneNote in Office 2007 and targets a vulnerability relating to the file format and Remote Code Execution. Not applying the update could result in an attacker leading you to open a malicious file sent via Outlook. Newer versions of OneNote are not affected.

Bulletin #4 addresses vulnerabilities in SQL Server 2008, 2012 and 2014. It's ranked important because although it could mean a hacker could elevate their privileges, they would already need to have an account on the machine to exploit the vulnerability.

Bulletins #5 and Bulletin #6 relate to the Windows core operating system and like Bulletin #4, involve elevation of privilege vulnerabilities for existing users on the machine. A hacker could use the local network to achieve code execution remotely. 

Kandek added: "Exploits for these types of vulnerabilities are part of the toolkit of any attacker as they are extremely useful, when the attackers gets an account on the machine, say through stolen credentials."

Bulletins #7 is a vulnerability in SharePoint Server 2013, while Bulletin #8 and Bulletin #9 are Security Feature Bypass bugs in .NET and newer versions of Windows.

Microsoft's Patch Tuesday update will be rolled out on August 12 (Tuesday). Anyone using the software and systems affected are advised to run Microsoft Baseline Security Analyzer, Windows Server Update Services (WSUS), Systems Management Server (SMS), and System Center Configuration Manager to detect and install the updates.

Featured Resources

Become a digital service provider

How to transform your business from network core to edge

Download now

Optimal business results with the cloud

Evaluating the best approaches to hybrid cloud adoption

Download now

Virtualisation that enables choices, not compromises

Harness the virtualisation technology that's right for your hybrid infrastructure

Download now

Email security threat report 2020

Four key trends from spear fishing to credentials theft

Download now

Recommended

How LogPoint uses MITRE ATT&CK
Whitepaper

How LogPoint uses MITRE ATT&CK

15 Jan 2021
Microsoft unveils its new retail-focused cloud service
Cloud

Microsoft unveils its new retail-focused cloud service

14 Jan 2021
Microsoft more than doubles file size limit for SharePoint, Teams, and OneDrive
Microsoft Office

Microsoft more than doubles file size limit for SharePoint, Teams, and OneDrive

14 Jan 2021
Weekly threat roundup: Microsoft Defender, Adobe, Mimecast
vulnerability

Weekly threat roundup: Microsoft Defender, Adobe, Mimecast

14 Jan 2021

Most Popular

How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
The fate of Parler exposes the reality of deregulated social media
Policy & legislation

The fate of Parler exposes the reality of deregulated social media

14 Jan 2021
Should IT departments to call time on WhatsApp?
communications

Should IT departments to call time on WhatsApp?

15 Jan 2021