Nine Security Patches To Come on Tuesday

Expect nine patches in Microsoft's August security update, according to an advanced notification from Redmond, which suggested that five "critical" and four "important" bulletins will be seen on Tuesday.

The potential heavy hit comes after IT pros reel from two off-cycle Microsoft security bulletins released just last week. From a patching perspective, it's as if July slid into August without a break.

The usual suspects are expected to appear in the August slate, including remote code execution (RCE), elevation-of-privilege and denial-of-service risk considerations. All the fixes will be for Windows and related components.

What's unique for this month will be a critical cluster fix involving Microsoft Office, Visual Studio, Internet Security and Acceleration (ISA) Server, and BizTalk Server. This particular security bulletin likely will raise eyebrows among security pros, since Visual Studio and ISA Server were both patched in July.

Critical Patches
Microsoft provided a preview of the five critical fixes expected in its monthly security update.

The first critical fix will be for Office Web Components in Microsoft Office 2000 and 2003, as well as in Microsoft Office Small Business Accounting 2006. However, this fix also relates to Visual Studio .NET 2003, ISA Server 2004 and 2006, plus BizTalk Server 2002. The patch is designed to thwart RCE exploits in all these different products.

The second critical fix will address RCE exploits in supported Windows OS versions ranging from Windows 2000 to Windows Vista, as well as Windows Server 2003 and 2008. It also will plug holes in the Windows Client for Mac, which is a remote desktop function allowing users to connect to Windows-based workstations on a Mac.

Critical fix No. 3 only affects Windows Server 2000 and Windows Server 2003. The fourth critical patch affects all supported Windows OS versions.

The fifth and final critical patch will be for Outlook Express and Windows Media Player on every supported Windows OS version.

Important Patches
Microsoft also provided a peek at some of the important patches to expect next Tuesday.

Important fix No. 1 will have elevation-of-privilege considerations. Left unpatched, hackers may be able to use this vulnerability to promote their user status, or that of their automated proxies, to super-user status on a given system. XP, Vista and Windows Server 2003 and 2008 are all scheduled to get this patch.

The second important bulletin also will be an elevation-of-privilege patch. It will affect every Windows OS except for Windows Server 2008.

The third important item will deal with Redmond's .NET Framework for Vista and Windows Server 2008. It's designed to stave off denial-of-service attacks. Left unpatched, the exploit could leave administrators and Web developers locked out of the system.

The fourth and final fix in the important roster of security bulletins will affect all supported Windows OSes. It's designed to hold RCE exploits at bay in an as-yet-unspecified Windows component.

IT pros can expect to be kept busy with this upcoming August security update. Only the .NET Framework patch will not require a restart, according to Microsoft.

Meanwhile, IT pros can get a jump-start on Redmond's nonsecurity updates coming this month through Windows Update, Microsoft Update and Windows Server Update Services. A good place to start is this knowledgebase article.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

comments powered by Disqus


  • .NET for Apache Spark Debuts in Version 1.0

    The open source project .NET for Apache Spark has debuted in version 1.0, finally vaulting the C# and F# programming languages into Big Data first-class citizenship.

  • In-App Reviews Come to Xamarin.Forms Android

    Android is playing a little catch-up to iOS regarding in-app review functionality, just now coming tp Microsoft's Xamarin.Forms implementation.

  • C# Slides in Usage Ranking of Programming Languages

    "The fact that C# lost three places in the ranking of language communities during the last three years is mostly explained by its slower growth compared to C/C++ and PHP."

  • Telerik UI for Blazor Updated

    Progress announced an update to its Telerik UI for Blazor components, targeting Microsoft's open source Blazor framework that lets C# coders create web apps without having to rely upon JavaScript.

  • Infragistics Unveils UI Components for Blazor

    Infragistics, specializing in third-party UI/UX controls and tools, unveiled a new offering targeting Blazor, Microsoft's red-hot open source framework that allows for C#-based web development instead of traditional mainstay JavaScript.

Upcoming Events