Microsoft August Patch Tuesday update offers nine updates
The fixes address Internet Explorer, Windows, Office, SQL Server, and Sharepoint vulnerabilities
Microsoft has posted nine bulletins in its August Patch Tuesday update, covering Internet Explorer, Windows, Office, SQL Server, and Sharepoint.
Two of its bulletins are rated critical and the updates should be applied immediately because they relate to Remote Code Execution vulnerabilities, while the others are ranked important.
Bulletin #1 relates to all versions of Internet Explorer - from IE 6 up to IE 11 on both Windows RT and Windows 8.1. It fixes bugs that could allow hackers to use Remote Code Execution through malicious web pages opened using the browser.
Wolfgang Kandek CTO of Qualys said: "These pages can be on sites that are either set up specifically for this purpose, requiring him or her to attract your users to the site or are on sites that are already under control of the attacker with an established user community, such as blogs and forums."
Bulletin #2 is a critical update for Windows affecting Windows 8 and Windows 8.1 plus the Media Center TV pack for Windows Vista. The update will fix bugs relating to the graphics processing pipeline that could allow a hacker to trick users into opening a malicious file.
Bulletin #3 affects OneNote in Office 2007 and targets a vulnerability relating to the file format and Remote Code Execution. Not applying the update could result in an attacker leading you to open a malicious file sent via Outlook. Newer versions of OneNote are not affected.
Bulletin #4 addresses vulnerabilities in SQL Server 2008, 2012 and 2014. It's ranked important because although it could mean a hacker could elevate their privileges, they would already need to have an account on the machine to exploit the vulnerability.
Bulletins #5 and Bulletin #6 relate to the Windows core operating system and like Bulletin #4, involve elevation of privilege vulnerabilities for existing users on the machine. A hacker could use the local network to achieve code execution remotely.
Kandek added: "Exploits for these types of vulnerabilities are part of the toolkit of any attacker as they are extremely useful, when the attackers gets an account on the machine, say through stolen credentials."
Bulletins #7 is a vulnerability in SharePoint Server 2013, while Bulletin #8 and Bulletin #9 are Security Feature Bypass bugs in .NET and newer versions of Windows.
Microsoft's Patch Tuesday update will be rolled out on August 12 (Tuesday). Anyone using the software and systems affected are advised to run Microsoft Baseline Security Analyzer, Windows Server Update Services (WSUS), Systems Management Server (SMS), and System Center Configuration Manager to detect and install the updates.
Become a digital service provider
How to transform your business from network core to edgeDownload now
Optimal business results with the cloud
Evaluating the best approaches to hybrid cloud adoptionDownload now
Virtualisation that enables choices, not compromises
Harness the virtualisation technology that's right for your hybrid infrastructureDownload now
Email security threat report 2020
Four key trends from spear fishing to credentials theftDownload now