While the Blackhat security conference is currently taking place in Las Vegas, Microsoft has published their Advanced Notice for the month of August, giving us a peek at what the company plans to fix during August 2014 Patch Tuesday. These updates are rolling out in just two days, so lets take a look at what will be offered.
The software giant is set to address nine bulletins affecting a wide variety of company products, including Internet Explorer, Windows, Office, SQL Server, and Sharepoint. Two of the bulletins are rated Critical, the company’s highest rated label, as they allow for Remote Code Execution. Seven of the updates are rated Important.
According to the security researchers at Qualys, the most important critical security patch is Bulletin #1, which affects all versions of Internet Explorer (IE). This means IE6 to IE11 are affected, on both Windows 8.1 and Windows RT. “Since browsers are the attackers favorite targets, this patch should be top of your list. An attacker would exploit this vulnerability on your users through a malicious webpage. These pages can be on sites that are either set up specifically for this purpose, requiring him or her to attract your users to the site or are on sites that are already under control of the attacker with an established user community, such as blogs and forums,” Qualys told WinBeta.
The second bulletin is a critical update for Windows, and affects Windows 8 and Windows 8.1, along with the Media Center TV pack for Windows Vista. This update addresses bugs in the graphics processing pipeline allowing an attacker to trick you into opening a malicious file.
The third bulletin affects OneNote in Office 2007 and deals with a file format vulnerability as well as Remote Code Execution. “An attacker would have to convince your users to open a malicious file, most likely with a targeted e-mail. Of course if you do not have OneNote installed or are on a newer version of Microsoft Office (you really should be, as 2007 lacks many of the newer security features) you are not affected,” Qualys explains.
The remainder of the bulletins deal with elevation of privileges in Windows, SQL Server, and SharePoint Server. Windows 8.1 is slated to receive two critical updates, and four important updates. Microsoft recommends that customers apply Critical updates immediately, while the company recommends that customers apply Important updates at the earliest opportunity.
Aside from security updates, Microsoft is set to roll out Windows 8.1 Update 2, now known as Windows 8.1 August Update. Originally planned to feature the returning Start Menu, Update 2 will now feature precision touchpad improvements, Miracast Receive support, and various other minor fixes.
August 2014 Patch Tuesday takes place Tuesday, August 12th. Stay tuned!Further reading: Microsoft, Patch Tuesday, Windows 8.1