Simply Security - News, Views, and Opinions from Trend Micro

Posted on August 18th, 2011 in Trend Labs by TrendLabs | Be the first to comment |

This month, 13 is a(n) (un)lucky number as Microsoft released 13 security bulletins to resolve 22 vulnerabilities for today’s August Patch Tuesday. This month’s bulletins include fixes for reported bugs in Internet Explorer, Windows, Office, and Virtual Studio, among others.

Two of these bulletins have been deemed “critical” by Microsoft, such as that with five undisclosed and two publicly reported bugs in Internet Explorer. The most severe of these vulnerabilities may lead to an attacker executing a malicious code on the system. Successfully exploiting any of these bugs may give the remote user the same rights as the local user.

The other critical bulletin is an update for two vulnerabilities in Windows DNS Server. Exploiting this vulnerability may also lead to remote code execution. However, systems that do not have DNS role enabled are not affected.

The risks the rest of the bulletins pose are not as severe; nine of which have been tagged “important” while two were rated “moderate.” One of the important bulletins addresses a bug in Remote Desktop Web Access, specifically a cross-scripting (XSS) vulnerability. Exploiting this bug may lead to remote code execution though enabling the XSS filter in Internet Explorer 8 and 9 may prevent this from happening.

Users are advised to immediately download and apply these patches. For more details regarding this month’s Patch Tuesday release, users may visit these Trend Micro security pages.

Post from: TrendLabs | Malware Blog – by Trend Micro