Microsoft to release three critical fixes
Posted on 09 August 2013.
The August 2013 Patch Tuesday advance notification includes a slightly higher volume of fixes than last month, but only 3 of 8 are critical, which is down from July’s 6 of 7 critical fixes. However, in a reversal from last month, the advisories are focused on Windows operating system patches, plus one Exchange issue.

Remember that a “critical” rating from Microsoft factors in the vulnerability's exploitability and whether it has been responsibly disclosed. Given this, we could be looking at a number of issues that are in the wild.

I would consider Bulletin #3 to be of the greatest concern, as it affects all supported versions of Microsoft's Exchange Server and is rated as critical with remote code execution. If this is truly a remotely exploitable issue that does not require user interaction, then it's a potentially wormable issue and definitely should be put at the top of the patching priority list.

Bulletin #1 is the monthly patch for Internet Explorer’s critical issues and should be the second prioritized patch, given its rating and broad exposure.

The third critical issue is Bulletin #2 and only applies to Windows XP and 2003. Therefore, for some organizations this patch may be of less concern, if they have already moved to newer Windows versions.

The other five advisories, two Elevation of Privilege, two Denial of Service (DoS), and one Information Disclosure, are spread across Windows versions, with the only remarkable point being that one of the DoS vulnerabilities applies exclusively to Server 2012.


Author: Ross Barrett, Senior Manager, Security Engineering, Rapid7.

Copyright 1998-2014 by Help Net Security.