
Nine Microsoft patch bulletins issued, containing fixes for IE and Exchange

Jeremy Stanley

Microsoft patched a number of vulnerabilities this month in its Internet Explorer and Exchange Server products. Of the nine patch bulletins it issued, five were rated "critical."

August is the third straight month in which a patch has been issued for a vulnerability that affects Internet Explorer (IE). The often-targeted browser received a cumulative update that fixes four flaws. The vulnerability doesn't allow for elevation of privilege, so users with low access may not be affected by it as much as those with high access.

The vulnerabilities affect every version of IE. Microsoft also patched a vulnerability in JScript, which is rated "Important." The vulnerability could allow remote code execution if a user visits a malicious website.

Admins who manage Exchange servers should also be on alert: another bulletin addresses a critical vulnerability that could allow for remote code execution. The vulnerability, which lies in WebReady Document Viewing, can be exploited if a user views a malicious file in Outlook Web App (OWA).

According to Microsoft, the source of the vulnerability was Oracle Corp.'s Outside In libraries, on which WebReady Document Viewing is based. "Microsoft has to be extremely worried about it," said Marc Maiffret, chief technology officer at Carlsbad, Calif.-based IT security company BeyondTrust Software Inc., referring to Microsoft's use of open source libraries like Outside In.

It could be "the first of more to come," he said. The Exchange patch is the server's first critical patch since February 2009, when Microsoft patched a flaw in Exchange's handling of Rich Text Format files.

Remote Desktop Protocol (RDP) also received a critical patch, which fixed a flaw in Windows XP SP3. This continues a string of months in which Microsoft has released updates addressing issues in RDP. This one might have been uncovered because Microsoft does a security audit following a critical fix, Maiffret said.

Another point of emphasis that Windows admins should be focusing on, Maiffret said, is a vulnerability that affects Microsoft Common Controls, which has a footprint in a number of products, including Microsoft Office, Microsoft SQL Server, Microsoft server software and Microsoft developer tools. It's a critical vulnerability and should be patched quickly.

In total, there were nine bulletins for the month of August, which is on the high end so far this year. More information about this month's Patch Tuesday can be found on Microsoft's bulletin page.

 

