Microsoft to release three critical fixes
Posted on 09 August 2013.
The August 2013 Patch Tuesday advance notification includes a slightly higher volume of fixes than last month, but only 3 of 8 are critical, which is down from July’s 6 of 7 critical fixes. However, in a reversal from last month, the advisories are focused on Windows operating system patches, plus one Exchange issue.

Remember that a “critical” rating from Microsoft factors in exploitability and whether the vulnerability has been responsibly disclosed. Given this, we could be looking at a number of issues that are in the wild.

I would consider Bulletin #3 to be of the greatest concern, as it affects all supported versions of Microsoft's Exchange Server and is rated as critical with remote code execution. If this is truly a remotely exploitable issue that does not require user interaction, then it's a potentially wormable issue and definitely should be put at the top of the patching priority list.

Bulletin #1 is the monthly patch for Internet Explorer’s critical issues and should be the second prioritized patch, given its rating and broad exposure.

The third critical issue is Bulletin #2 and only applies to Windows XP and 2003. Therefore, for some organizations this patch may be of less concern, if they have already moved to newer Windows versions.

The other five advisories, two Elevation of Privilege, two Denial of Service (DoS), and one Information Disclosure, are spread across Windows versions. The only remarkable point is that one of the DoS vulnerabilities applies exclusively to Server 2012.


Author: Ross Barrett, Senior Manager, Security Engineering, Rapid7.





Copyright 1998-2014 by Help Net Security.