News

Nine Security Patches To Come on Tuesday

Expect nine patches in Microsoft's August security update, according to an advanced notification from Redmond, which suggested that five "critical" and four "important" bulletins will be seen on Tuesday.

The potential heavy hit comes after IT pros reel from two off-cycle Microsoft security bulletins released just last week. From a patching perspective, it's as if July slid into August without a break.

The usual suspects are expected to appear in the August slate, including remote code execution (RCE), elevation-of-privilege and denial-of-service risk considerations. All the fixes will be for Windows and related components.

What's unique for this month will be a critical cluster fix involving Microsoft Office, Visual Studio, Internet Security and Acceleration (ISA) Server, and BizTalk Server. This particular security bulletin likely will raise eyebrows among security pros, since Visual Studio and ISA Server were both patched in July.

Critical Patches
Microsoft provided a preview of the five critical fixes expected in its monthly security update.

The first critical fix will be for Office Web Components in Microsoft Office 2000 and 2003, as well as in Microsoft Office Small Business Accounting 2006. However, this fix also relates to Visual Studio .NET 2003, ISA Server 2004 and 2006, plus BizTalk Server 2002. The patch is designed to thwart RCE exploits in all these different products.

The second critical fix will address RCE exploits in supported Windows OS versions ranging from Windows 2000 to Windows Vista, as well as Windows Server 2003 and 2008. It also will plug holes in the Windows Client for Mac, which is a remote desktop function allowing users to connect to Windows-based workstations on a Mac.

Critical fix No. 3 only affects Windows Server 2000 and Windows Server 2003. The fourth critical patch affects all supported Windows OS versions.

The fifth and final critical patch will be for Outlook Express and Windows Media Player on every supported Windows OS version.

Important Patches
Microsoft also provided a peek at some of the important patches to expect next Tuesday.

Important fix No. 1 will have elevation-of-privilege considerations. Left unpatched, hackers may be able to use this vulnerability to promote their user status, or that of their automated proxies, to super-user status on a given system. XP, Vista and Windows Server 2003 and 2008 are all scheduled to get this patch.

The second important bulletin also will be an elevation-of-privilege patch. It will affect every Windows OS except for Windows Server 2008.

The third important item will deal with Redmond's .NET Framework for Vista and Windows Server 2008. It's designed to stave off denial-of-service attacks. Left unpatched, the exploit could leave administrators and Web developers locked out of the system.

The fourth and final fix in the important roster of security bulletins will affect all supported Windows OSes. It's designed to hold RCE exploits at bay in an as-yet-unspecified Windows component.

IT pros can expect to be kept busy with this upcoming August security update. Only the .NET Framework patch will not require a restart, according to Microsoft.

Meanwhile, IT pros can get a jump-start on Redmond's nonsecurity updates coming this month through Windows Update, Microsoft Update and Windows Server Update Services. A good place to start is this knowledgebase article.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

comments powered by Disqus

Featured

  • Compare New GitHub Copilot Free Plan for Visual Studio/VS Code to Paid Plans

    The free plan restricts the number of completions, chat requests and access to AI models, being suitable for occasional users and small projects.

  • Diving Deep into .NET MAUI

    Ever since someone figured out that fiddling bits results in source code, developers have sought one codebase for all types of apps on all platforms, with Microsoft's latest attempt to further that effort being .NET MAUI.

  • Copilot AI Boosts Abound in New VS Code v1.96

    Microsoft improved on its new "Copilot Edit" functionality in the latest release of Visual Studio Code, v1.96, its open-source based code editor that has become the most popular in the world according to many surveys.

  • AdaBoost Regression Using C#

    Dr. James McCaffrey from Microsoft Research presents a complete end-to-end demonstration of the AdaBoost.R2 algorithm for regression problems (where the goal is to predict a single numeric value). The implementation follows the original source research paper closely, so you can use it as a guide for customization for specific scenarios.

  • Versioning and Documenting ASP.NET Core Services

    Building an API with ASP.NET Core is only half the job. If your API is going to live more than one release cycle, you're going to need to version it. If you have other people building clients for it, you're going to need to document it.

Subscribe on YouTube