September 17, 2014

Microsoft to fix five critical security issues on Tuesday

(LiveHacking.Com) – Microsoft has released its advance notification for August’s patch Tuesday. This month Microsoft will release nine security bulletins, five of which are Critical and four Important. The five Critical security bulletins address ten remote code execution vulnerabilities in Microsoft Windows, Internet Explorer, Exchange, SQL Server, Server Software, and Developer Tools.

Included in the patches is a fix for the vulnerabilities in the Microsoft Exchange. The vulnerabilities are in Oracle’s Outside In libraries, that are used in Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, and FAST Search Server 2010 for SharePoint. The Outside In libraries were updated last month as part a Critical Patch Update released by Oracle.

Microsoft issued a security advisory at the end of July which detailed how the Oracle Outside In libraries, that are designed to parse and decode over 500 different file formats, contain several exploitable vulnerabilities which can allow a remote, unauthenticated attacker to run arbitrary code on a vulnerable system.

Affected versions of Windows for this set of updates are Windows XP, Windows Vista and Windows 7. For the server versions of Windows affected editions are Windows Server 2003 and Windows Server 2008. Internet Explorer 6, 7, 8 and 9 are also affected.

The four bulletins that have been rated as Important will address vulnerabilities in Windows and Microsoft Office.

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks