What to expect on August's Patch Tuesday
As all Windows users will know, the second Tuesday in each month means it's patch time. So that system admins don’t get caught out Microsoft has published its advanced notification ahead of August's Patch Tuesday.
So what can we expect to see in this round of updates? There are nine bulletins in total for software including Internet Explorer, Windows and Office. Two are rated "critical" as they allow for remote code execution.
Bulletin 1 is the most important as it affects all versions of Internet Explorer from 6 up to 11. Wolfgang Kandek CTO of network security company Qualys writing on his company's blog says, "Since browsers are the attackers favorite targets, this patch should be top of your list. An attacker would exploit this vulnerability on your users through a malicious webpage. These pages can be on sites that are either set up specifically for this purpose, requiring him or her to attract your users to the site or are on sites that are already under control of the attacker with an established user community, such as blogs and forums".
The second critical bulletin is for Windows 7 and 8 plus the Media Center pack for Vista. Kandek believes it addresses a problem in the graphics processing pipeline that could trigger a vulnerability via a malicious web page.
Other bulletins in this round address a file format vulnerability in Office 2007's OneNote application, elevation of privilege vulnerabilities in SQL Server and Windows, a SharePoint Server 2013 issue, and security feature bypass problems in .NET and Windows.
Microsoft also provided some details of a new Internet Explorer capability that allows the browser to block out of date ActiveX controls. This works with IE versions from 8 through 11, initially it's focused on outdated Java versions but will no doubt be extended to other controls in the future.