Microsoft released patch tuesday for August, addressing multiple vulnerabilities in Microsoft Windows, Internet Explorer and Exchange Server. The first update is MS13-059, a cumulative update for Internet Explorer, and patches 11 separate vulnerabilities, 9 of which are rated critical on one or more platforms. The 9 critical vulnerabilities are all memory corruption vulnerabilities. The other 2 are only rated as Moderate severity on some platforms for privilege escalation or information disclosure. MS13-060 (Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution) affects only Windows XP and Server 2003. “The vulnerability could allow remote code execution if a user viewed a specially crafted document or webpage with an application that supports embedded OpenType fonts.” MS13-061 describes 3 critical vulnerabilities in all currently-supported versions of Exchange Server. The actual vulnerability is in a set of Oracle libraries, called Outside In, which assist in document viewing for users of Outlook Web Access in a web browser. The update installs fixed versions of the Oracle libraries. These vulnerabilities have been publicly disclosed already, but Microsoft states that “Exploit code would be difficult to build”. <more>

Leave a Reply

Your email address will not be published. Required fields are marked *