Microsoft just released its Advance Notification for August 2012, containing nine bulletins that will affect both workstation and server administrators. Five of the bulletins are rated “critical”; they affect Windows, Office and Exchange and will address a total of 10 vulnerabilities. The remaining four bulletins are rated “important” and address flaws in Windows and Office.
Two of the five critical bulletins are of particular interest:
- Bulletin 1 is an update for Internet Explorer (IE), the third consecutive IE update in as many months. This faster update frequency for IE is the result of Microsoft streamlining its QA process, but it also illustrates that there continues to be no shortage of browser vulnerabilities. All versions of IE are affected.
- Bulletin 5 is an update for Exchange Server and will address the vulnerability caused by the Oracle component “Outside In”, which was first reported and addressed by Oracle in its July Critical Patch Update (CPU). Microsoft had previously provided a workaround for Exchange Server administrators in KB2737111 that disabled use of the flawed component in OWA.
Of the remaining critical bulletins, Bulletins 2 and 3 are for Windows, but only affect XP and 2003 in their full severity. Vista and Windows 7 are not affected by Bulletin 2, and Bulletin 3's severity is downgraded to moderate on these newer platforms. Bulletin 4 applies to a wide variety of platforms, including all versions of Office and SQL Server.
The four important bulletins provide more updates for Windows and Office. Bulletins 8 and 9 are for Office and Visio; both address vulnerabilities that can be used for Remote Code Execution and deserve special attention, similar to the critically rated bulletins.
Microsoft is not the only vendor releasing security updates for its products next Tuesday. Adobe released Advisory APSB12-16 and will provide new versions of Acrobat and Adobe Reader that address critical flaws in both products.