Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Microsoft Readies Critical Exchange, Internet Explorer Patches for Security Update

Microsoft is prepping eight security bulletins for next week’s Patch Tuesday release.

Microsoft is prepping eight security bulletins for next week’s Patch Tuesday release.

Three of the bulletins are rated ‘Critical’, while the others are classified as ‘important.’ The critical updates address vulnerabilities in Microsoft Windows, Internet Explorer and Exchange. All of the critical updates address remote code execution issues, while the remaining five cover a mix of privilege escalation, denial of service and information disclosure issues.

“I would consider Bulletin number three to be of the greatest concern, as it affects all supported versions of Microsoft’s Exchange Server and is rated as critical with remote code execution,” said Ross Barrett, senior manager of security engineering at Rapid7. “If this is truly a remotely exploitable issue that does not require user interaction, then it’s a potentially wormable issue and definitely should be put at the top of the patching priority list.”

The second most significant bulletin is bulletin one due to its severity, multiple security experts said.

“To me, Bulletin 1 is most critical, as last time I saw an IE Remote Code execution of this caliber, I saw live malware exploiting it not too long after,” said Ken Pickering, director of engineering, CORE Security. “People are getting good at turning these IE vulnerabilities into web-based attacks.”

Bulletin two impacts legacy code, primarily Windows XP, noted Paul Henry, security and forensics analyst at Lumension. Support for XP ends in April 2014, so organizations should be sure to get their upgrade plans in place if they have not done so already, he added.

Advertisement. Scroll to continue reading.

“With eight bulletins today, Microsoft’s year-to-date total is 65 patches,” he said. “For anyone keeping track, that’s seven more than what we had covered off on last year at this time. At the start of the year, we anticipated higher numbers in 2013 given Microsoft’s commitment to cleaning up the low-hanging fruit out there. Last year at this time there were 35 important patches issued; we now see 40. Our criticals in 2013 number 25, with 35 in total for 2012. Good news there.”

Patch Tuesday is scheduled for Aug. 13.

Written By

Marketing professional with a background in journalism and a focus on IT security.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.