Microsoft's August Security Update Has 9 Fixes
Preview bulletin shows five items to be rated "critical."
Microsoft said it expects to release nine fixes next week, with five of them to be rated as "critical", according to Microsoft's Security Bulletin Advance Notification.
Microsoft's OS is the largest target of this month's batch of fixes, as three of the five critical items and two "important" bulletins feature tweaks for multiple versions of Windows.
"It's a busy Patch Tuesday this month, with lots of reboots, affecting all versions of Windows," commented Paul Henry, Security and Forensic Analyst for security firm Lumension. "No one gets a break this month. Some of the updates this month will have far reaching impact and they include patches to new problems, updates to old problems and something that might cause you a little more work than you might have been anticipating this month."
All five critical items and three of the five important bulletins address remote code execution flaws, while a lone elevation of privilege fix for Windows makes up the final item.
Along with Windows, Microsoft Office, Internet Explorer, SQL Server and Microsoft Developer Tools will be targeted for this month's update.
Security experts are advising that IT prioritizes bulletin 5 to the top of the list on Tuesday, as it addresses a known problem with the Oracle software Outside In, which is licensed in Exchange.
This [bulletin] is interesting from an exploitation standpoint because Exchange servers are usually exposed on the Internet," said Marcus Carey, security researcher at Rapid7, in an e-mailed statement. "When attackers hear 'remote code execution on Exchange' it's music to their ears. They could see potential for remote discovery, remote exploitation and propagation of attacks since Exchange is the epicenter of most organizations' communications. Email servers are prime targets for exploitation."
Look for more information on August's Security Update once released this Tuesday around 10 a.m. PST.