In today’s Patch Tuesday, users and administrators everywhere are advised to immediately update their systems with the latest security updates from Microsoft, with critical updates for Internet Explorer taking the spotlight.
For August, Microsoft has released eight bulletins: three rated Critical and the rest tagged Important. Similar to previous Patch Tuesdays, fixes for Internet Explorer may get the most attention. The Internet Explorer bulletin addresses eleven vulnerabilities and affects IE versions 6 to 10; the most severe of these may enable an attacker to execute malware once users visit a maliciously crafted website using Internet Explorer.
The other critical bulletins include the updates for Exchange Server and Windows OS vulnerabilities. Similar to IE, these vulnerabilities may allow a remote attacker to execute malware on the system.
The bulletins rated as Important may not give an attacker the chance to execute malware, but not applying these updates can lead to serious repercussions. The vulnerabilities in Windows and Windows Kernel may lead to an attacker gaining the same privileges as the current user. The other cited software bugs found in Windows NAT, ICMPv6, and Active Directory Federation Services may result in denial-of-service (DoS) attacks and unwanted data disclosure, respectively.
Microsoft’s update for the browser is a good reminder of the real risks that browsers carry. At the recently concluded Black Hat conference, researchers Jeremiah Grossman and Matt Johansen demonstrated the possibility of browser-based botnets and how these can be built using fake online ads. In previous research, Trend Micro researcher Robert McArdle showed how a similar threat can be carried out by abusing HTML5.
On the topic of browsers, Mozilla also released Firefox 23 for Mac, which addresses 13 security issues. Similar to IE, exploiting these Firefox vulnerabilities may also lead to a malicious file being executed on a vulnerable system.
With browsers being the default way to connect to the Web and a growing number of devices dependent on browsers, this continuous attention to IE and browser security suggests that we may see more assaults on browsers in the near future.
Users are advised to apply these security updates as soon as possible. You may also visit our Trend Micro Threat Encyclopedia page to know more about how Deep Security solution.