As part of this month’s Patch Tuesday, Microsoft released a set of security updates for Windows Server 2008. Most important security updates are KB4047170, KB4052303, and KB4053473 that address vulnerabilities in various system features.
Windows Server 2008 KB4047170
Windows Server 2008 update KB4047170 fixes the information disclosure vulnerability in Windows Medial Player.
“An information vulnerability exists when Windows Media Player improperly discloses file information. Successful exploitation of the vulnerability could allow an attacker to test for the presence of files on disk.”
Also, Microsoft warns users not to install any language packs after installing this security update. So, if you plan to install a language pack, do it before installing KB4047170.
Windows Server 2008 KB4052303
Windows Server 2008 update KB4052303 addresses the RRAS Service remote code execution vulnerability.
“A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploits this vulnerability could execute code on the target system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
Windows Server 2008 KB4053473
Windows Server 2008 update KB4053473 addresses the information disclosure vulnerability with the Windows its:// protocol handler.
“An information disclosure vulnerability exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site to determine the zone of a provided URL. This could potentially result in the disclosure of sensitive information to a malicious site.”
To download all these updates, simply check for updates, and your Windows Server 2008 machine will download each update automatically. Or you can download and install updates manually from Microsoft Update Catalog.
You can download updates from these links:
- Windows Server 2008 update KB4047170
- Windows Server 2008 update KB4052303
- Windows Server 2008 update KB4053473
In case you’ve encountered any issues upon installing these updates, fell free to let us know in the comments below.