Awooga: August Patch Tuesday incoming – with two remote-code exec bugs in IE, Windows
Good news for Server admins – no critical fixes planned
Microsoft has published advance notification for what it says will be a total of nine security update bulletins for its products – two of which are rated critical.
The company said that the latest patch batch, set to arrive on August 12, will bundle critical Internet Explorer and Windows fixes with seven other tweaks for issues rated as important; the vulnerabilities range from remote code execution to protection bypasses.
Both of the critical fixes will address remote-code execution flaws. The first bulletin will be an update for all supported versions of Internet Explorer, while the second will fix an unspecified remote-code flaw in a component within Windows 7 through 8.1.
Windows Server admins will be pleased to note that there will be no critical bulletins for those systems this month, and the Internet Explorer patch is only considered a moderate risk for servers. However, several bulletins will still be rated 'important' and should be addressed with an update.
The company also plans to address a remote-code execution vulnerability in Microsoft Office, which is rated as important, and an elevation of privilege flaw in SQL Server. Microsoft Server Software will also receive a fix for another elevation of privilege vulnerability.
The remaining three bulletins will address a pair of elevation of privilege flaws and a security bypass vulnerability in Windows.
Microsoft typically issues the updates on Tuesday during US working hours. Adobe has also taken to posting its own monthly security updates on the same day, so best to keep an eye out for that as well. ®