IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Microsoft August Patch Tuesday update offers nine updates

The fixes address Internet Explorer, Windows, Office, SQL Server, and Sharepoint vulnerabilities

Patch Tuesday

Microsoft has posted nine bulletins in its August Patch Tuesday update, covering Internet Explorer, Windows, Office, SQL Server, and Sharepoint.

Two of its bulletins are rated critical and the updates should be applied immediately because they relate to Remote Code Execution vulnerabilities, while the others are ranked important.

Bulletin #1 relates to all versions of Internet Explorer - from IE 6 up to IE 11 on both Windows RT and Windows 8.1. It fixes bugs that could allow hackers to use Remote Code Execution through malicious web pages opened using the browser.

Wolfgang Kandek CTO of Qualys said: "These pages can be on sites that are either set up specifically for this purpose, requiring him or her to attract your users to the site or are on sites that are already under control of the attacker with an established user community, such as blogs and forums."

Bulletin #2 is a critical update for Windows affecting Windows 8 and Windows 8.1 plus the Media Center TV pack for Windows Vista. The update will fix bugs relating to the graphics processing pipeline that could allow a hacker to trick users into opening a malicious file.

Bulletin #3 affects OneNote in Office 2007 and targets a vulnerability relating to the file format and Remote Code Execution. Not applying the update could result in an attacker leading you to open a malicious file sent via Outlook. Newer versions of OneNote are not affected.

Bulletin #4 addresses vulnerabilities in SQL Server 2008, 2012 and 2014. It's ranked important because although it could mean a hacker could elevate their privileges, they would already need to have an account on the machine to exploit the vulnerability.

Bulletins #5 and Bulletin #6 relate to the Windows core operating system and like Bulletin #4, involve elevation of privilege vulnerabilities for existing users on the machine. A hacker could use the local network to achieve code execution remotely. 

Kandek added: "Exploits for these types of vulnerabilities are part of the toolkit of any attacker as they are extremely useful, when the attackers gets an account on the machine, say through stolen credentials."

Bulletins #7 is a vulnerability in SharePoint Server 2013, while Bulletin #8 and Bulletin #9 are Security Feature Bypass bugs in .NET and newer versions of Windows.

Microsoft's Patch Tuesday update will be rolled out on August 12 (Tuesday). Anyone using the software and systems affected are advised to run Microsoft Baseline Security Analyzer, Windows Server Update Services (WSUS), Systems Management Server (SMS), and System Center Configuration Manager to detect and install the updates.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Microsoft to double salary budget to retain workers
Careers & training

Microsoft to double salary budget to retain workers

17 May 2022
Microsoft warns of new botnet variant targeting Windows and Linux systems
Security

Microsoft warns of new botnet variant targeting Windows and Linux systems

16 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
Actively exploited Windows vulnerability reaches peak severity when paired with popular attack
Security

Actively exploited Windows vulnerability reaches peak severity when paired with popular attack

11 May 2022

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
Microsoft to double salary budget to retain workers
Careers & training

Microsoft to double salary budget to retain workers

17 May 2022