Patch Tuesday Preview: Microsoft Readying IE, Exchange Security Update


Microsoft said it will be addressing both server- and client-side vulnerabilities in its August round of updates, repairing critical flaws in its Internet Explorer browser and a threat to its Exchange email server software.

Microsoft's August Patch Tuesday Advance Notification indicates that the software maker plans to issue eight security bulletins, including three critical, addressing vulnerabilities in Windows and several other components.

Internet Explorer errors are almost always the most severe and the most urgent to patch, said Tommy Chin, technical support engineer at Core Security Technologies. Chin said attackers can develop an exploit to target the vulnerabilities very quickly.

The Exchange server update could also be a top concern for patching administrators. A compromised email server could have a severe impact on businesses, which makes applying the security update a priority, Chin said.

"The remote code execution disclosure within the Exchange server represents a threat to all companies using Exchange to run their e-mail service," Chin said in an email to CRN. "For most organizations, this scenario is simply unacceptable due to the sensitive information contained within today's e-mail conversations."

The third critical bulletin, a remote code execution vulnerability in Windows, impacts Windows XP and Windows Server 2003. Microsoft said its August update would also include a new version of the Microsoft Windows Malicious Software Removal Tool.

August will be the first month that Microsoft's newly revised Active Protection Program will be in place. Some security firms will receive information about vulnerabilities being patched several days before the official update is released to the public. Microsoft is also sharing threat intelligence with some security firms through the adoption of two threat intelligence sharing frameworks.

In July, Microsoft repaired 34 vulnerabilities across its product line. The update included fixes for Microsoft Office, Silverlight and a high-profile Windows zero-day vulnerability.

PUBLISHED AUG. 8, 2013