Microsoft patches critical flaws in Internet Explorer and Exchange Server

[nsane.forums]

Is it already mid-August, and are we really up to the eighth Patch Tuesday of 2013? It’s time to start planning Halloween costumes and thinking about holiday shopping. Yikes!

For the August Patch Tuesday, Microsoft has released eight new security bulletins. That’s not a light month by any stretch, but considering there have been many months with nearly double that amount, it’s not too bad. More importantly, only three of them are rated as Critical, and none of them are being actively exploited in the wild. Security experts seem to unanimously agree that the top priorities this month are Internet Explorer (MS13-059) and Microsoft Exchange Server (MS13-061).

“MS13-059 addresses 11 privately disclosed vulnerabilities, including multiple memory corruptions, an information disclosure, and a privilege elevation vulnerability," says Marc Maiffret, CTO of BeyondTrust, about the Internet Explorer patch. "This month is no different from recent months where we have seen many memory corruptions addressed in Internet Explorer.”

Tyler Reguly, technical manager of security research and development for Tripwire, focused MS13-059 as well: “As usual, Internet Explorer is the first patch everyone should install."

View: Original Article