August Patch Tuesday: Microsoft Takes Out 23 Bugs in Windows, IE, Exchange

By: Radu Tyrsina
2 minute read

It’s that time of the month when Microsoft released its Patch Tuesday aimed at fixing vulnerabilities. Last month’s Patch Tuesday posed some issues for users as they were still causing bugs, being “half-baked”. This is the eighth Patch Tuesday of the year and it comes with eight new security bulletins (coincidence?) with only three being rated as “Critical” and five as “Important”.

The eight security bulletins release by Microsoft address 23 vulnerabilities from Windows, Internet Explorer and Exchange. The most important patches, as per Microsoft’s recommendation, are MS13-059 (Internet Explorer) and MS13-060 (Windows XP and Server 2003.). After applying those first priority patches, you should patch every other software from Microsoft that you are using to make sure you have a top-notch security

23 vulnerabilities found in Patch Tuesday

Security bulletin MS13-059 is an important security update for Internet Explorer that covers 11 privately disclosed vulnerabilities. We don’t know if these have been widely used or if they have been heavily exploited by hackers.

The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user.

Security bulletin MS13-060 patches a vulnerability found Microsoft Exchange Server’s Unicode Script Processor, letting hackers  font rendering as an attack vector. Qualys CTO Wolfgang Kandek explained:

Tthe fonts are drawn on the kernel level, so if you can somehow influence the drawing of the fonts and overflow it. This would give an attacker control over the victim’s computer.patch tuesday august microsoft

Amol Sarwate, Director of Qualys Vulnerability Labs:

It’s a very enticing attack vector. All an attacker would have to do is direct a victim to a document, email, or malicious webpage to exploit the vulnerability.

Besides the above, here are some other highlights and “goodies” from this month’s Patch Tuesday that and the description of the rest of the security bulletins:

  • MS13-061 – vulnerability Oracle libraries “Outside In”
  • MS13-062 – vulnerability affecting the RPC handling code in all Windows versions
  • MS13-063 – bypass of ASLR (Address Space Layout Randomization) and 3 kernel corruption vulnerabilities to allow elevation of privilege
  • MS13-064 – single denial of service vulnerability in the Windows Server 2012 NAT Driver
  • MS13-065 – single denial of service vulnerability in the IPv6 stack in all versions of Windows except XP and Server 2003
  • MS13-066 – information disclosure vulnerability in the Active Directory Federation Services (AD FS) in all Intel-based versions of Windows Server other than Server Core.

Besides this, Microsoft has also updated Windows 8 and RT ‘to improve protection functionality in Windows Defender’.

For various PC problems, we recommend this tool.

This software will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Fix PC issues now in 3 easy steps:

  1. Download this PC Repair Tool rated "Excellent" on TrustPilot.com.
  2. Click “Start Scan” to find Windows issues that could be causing PC problems.
  3. Click “Repair All” to fix all issues with Patended Technologies (requires upgrade).

Next up

Best Windows 10 antivirus software to use in 2018

By: Radu Tyrsina
7 minute read

Update – 2018 will soon come to an end and we already have a guide on what is the best antivirus you should get in […]

Continue Reading

These features are out for good with Windows 10 version 1809

iamsovy@gmail.com' By: Sovan Mandal
2 minute read

Microsoft is all set to launch its next big update, Windows 10 version 1809 in October. While that should be a nice piece of news […]

Continue Reading

Windows 10 18H2 builds no longer receive new features

By: Matthew Adams
3 minute read

The Windows 10 October 2018 Update (otherwise 18H2) rollout might now be two to three weeks away. For the last few months, new build previews […]

Continue Reading

Discussions