Microsoft's August Patch Tuesday Fixes Two Critical RCE Bugs
Microsoft has announced a slew of security updates for August's Patch Tuesday, with nine bulletins addressing critical and important vulnerabilities. Two bulletins are rated 'critical', allowing for Remote Code Execution (RCE).
Bulletins #8 and #9 target .NET and newer versions of Microsoft 365, both rated 'critical' and enabling RCE. Meanwhile, Bulletin #1 affects all versions of Internet Explorer and should be prioritized due to the browser's widespread use. It targets IE 6, 7, and 8 on XP, Vista, and Server 2008.
Bulletin #2 is a critical update for Windows 7 and 8, impacting the graphics processing pipeline, likely in an online video component. Bulletin #3 affects Microsoft Office OneNote 2007, providing RCE capabilities through a malicious file. Bulletins #5 and #6 are local elevation of privilege vulnerabilities in Windows, useful for attackers already on the machine.
Bulletin #4 is an important vulnerability in SQL Server 2008, 2012, and 2014, allowing for local elevation of privilege. Bulletin #7 affects SharePoint Server 2013, with capabilities yet to be determined. Microsoft is also introducing a new security capability in Internet Explorer to refuse running outdated versions of ActiveX controls.
Microsoft's August Patch Tuesday will address nine security bulletins, including two critical RCE vulnerabilities in .NET and newer Microsoft 365 versions. Users should prioritize updates for Internet Explorer and Windows 7/8. Further details on SharePoint Server 2013 and SQL Server vulnerabilities are forthcoming.
Read also:
- Klinikum Landshut Recognized for Exceptional Care in Breast Cancer, Urology, and Orthopedics
- Man Survives 3,300-Meter Skydive Fall After Parachute Malfunction
- Fructose Market Forecasted to Exceed $8.1 Billion by 2034
- Senate Tillis under spotlight in North Carolina as IRA tax incentives remain uncertain
