The Microsoft August Advance Notification for next week’s Patch Tuesday is out. There will be eight bulletins, three rated "critical" providing Remote Code Execution (RCE), with the remaining five bulletins marked "important".
Bulletin 1 affects all versions of Internet Explorer(IE) ranging from IE6 on Windows XP to IE10 on Windows 8 and RT. This will be the most important bulletin to implement. Bulletin 2 is rated “critical” for Windows XP and Windows Server 2003, but these are the only versions affected; anything newer is immune to the problem addressed in this update. Bulletin 3 is for MIcrosoft Exchange and affects all versions of Exchange, from 2003 to the newest version, 2013.
The remainder of the bulletins are rated “important” and address:
- Local elevation of privilege problems in all versions of Windows from XP to Windows 8
- Denial of service conditions in Windows Server 2012 and other variants starting with Vista all the way to Windows 2008R2
- An information disclosure problem in Windows Server 2003, 2008 and 2012
Altogether, this will be a normal sized Patch Tuesday, with three critical issues. It will be interesting to see if the Exchange release in Bulletin 3 is related to the recent Oracle CPU, which updated the Outside In package that Microsoft uses in the Exchange document conversion routines.
Stay tuned for more information on next Tuesday.