SOFTWARE BUG FACTORY Microsoft will issue two critical fixes for vulnerabilities in its Windows and Internet Explorer (IE) software products next week for its monthly Patch Tuesday release.
August Patch Tuesday will arrive on 12 August, bringing with it at least nine security fixes. Less worrying for software users is that only two of the patches are rated "Critical" by Microsoft, both addressing flaws that leave users open to remote code execution attacks.
The remaining seven vulnerabilities are related to the firm's Microsoft Office, SQL Server, Windows, Server and .NET Framework software products. Each has an "Important" rating from Microsoft and leaves users open to a mix of remote code execution, elevation of privilege and security bypass exploits.
The IE flaw is the more serious of the two as it affects all versions of the web browser, according to Qualys CTO Wolfgang Kandek, who also said that the Windows bug is limited to a more specific set of users.
"The most critical patch is bulletin one, which affects all versions of IE. Since browsers are the attackers' favorite targets, this patch should be top of your list. An attacker could exploit this vulnerability through a malicious webpage," he explained.
"Bulletin two is a critical update for Windows and affects Windows 7 and Windows 8, plus the Media Center TV Pack for Vista. I believe it must be addressing bugs in the graphics processing pipeline, most likely in an online video component."
Microsoft released six patches for its July Patch Tuesday last month and, like this month, two of those were listed as "Critical" fixes for vulnerabilities in its Windows operating system (OS) and Internet Explorer.
Revealed in a threat advisory, the patches fixed vulnerabilities that Microsoft said could be used by hackers to mount remote code execution attacks. µ