Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Microsoft Readies Critical Exchange, Internet Explorer Patches for Security Update

Microsoft is prepping eight security bulletins for next week’s Patch Tuesday release.

Microsoft is prepping eight security bulletins for next week’s Patch Tuesday release.

Three of the bulletins are rated ‘Critical’, while the others are classified as ‘important.’ The critical updates address vulnerabilities in Microsoft Windows, Internet Explorer and Exchange. All of the critical updates address remote code execution issues, while the remaining five cover a mix of privilege escalation, denial of service and information disclosure issues.

“I would consider Bulletin number three to be of the greatest concern, as it affects all supported versions of Microsoft’s Exchange Server and is rated as critical with remote code execution,” said Ross Barrett, senior manager of security engineering at Rapid7. “If this is truly a remotely exploitable issue that does not require user interaction, then it’s a potentially wormable issue and definitely should be put at the top of the patching priority list.”

The second most significant bulletin is bulletin one due to its severity, multiple security experts said.

“To me, Bulletin 1 is most critical, as last time I saw an IE Remote Code execution of this caliber, I saw live malware exploiting it not too long after,” said Ken Pickering, director of engineering, CORE Security. “People are getting good at turning these IE vulnerabilities into web-based attacks.”

Bulletin two impacts legacy code, primarily Windows XP, noted Paul Henry, security and forensics analyst at Lumension. Support for XP ends in April 2014, so organizations should be sure to get their upgrade plans in place if they have not done so already, he added.

“With eight bulletins today, Microsoft’s year-to-date total is 65 patches,” he said. “For anyone keeping track, that’s seven more than what we had covered off on last year at this time. At the start of the year, we anticipated higher numbers in 2013 given Microsoft’s commitment to cleaning up the low-hanging fruit out there. Last year at this time there were 35 important patches issued; we now see 40. Our criticals in 2013 number 25, with 35 in total for 2012. Good news there.”

Patch Tuesday is scheduled for Aug. 13.

Advertisement. Scroll to continue reading.
Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.