Warning: Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, and more.
As part of the Microsoft
Security Bulletin Summary for August 2013, Microsoft
has released today, updates to address vulnerabilities in Microsoft Windows,
Internet Explorer, and Microsoft Server Software.
Connectikpeople has observed that, these vulnerabilities could allow remote
code execution, elevation of privilege, denial of service, or information
disclosure.
Within these
eight security updates, Connectikpeople has nabbedthree critical and five important, addressing 23 vulnerabilities in Microsoft Windows, Internet Explorer and Exchange.
Below, we have the Microsoft Bulletin Deployment Priority guidance with the goal to further assist in deployment planning.
MS13-059: Cumulative Security Update for Internet Explorer
This security update aims to resolve eleven privately disclosed issues in Internet Explorer. According to Microsoft all issues could allow remote code execution if a user views a specially-crafted webpage using the browser. An attacker who successfully exploited these vulnerabilities could gain the same rights as the current user.
MS13-060: Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution
This security update aims to resolve one issue in Windows that could allow remote code execution if a user views a specially-crafted document or web page. An attacker who successfully exploited these vulnerabilities could gain the same rights as the logged-on user. This security update is rated Critical for Windows XP and Windows Server 2003.
Security Advisory 2861855: Updates to Improve Remote Desktop Protocol Network-level Authentication
This update aims to add defense-in-depth measures to the Network Level Authentication (NLA) technology within the Remote Desktop Protocol in Microsoft Windows.
Security Advisory 2862973: Update for Deprecation of MD5 Hashing Algorithm for Microsoft Root Certificate Program
This update impacts applications and services using certificates with the MD5 hashing algorithm. According to Microsoft:
·
This restriction is limited to certificates issued
under roots in the Microsoft root certificate program.
·
This will apply
only to certificates utilized for server authentication, code signing and time
stamping.
·
These applications and services will no longer trust
certificates utilizing MD5 and Microsoft has promised to release this change
via Microsoft Update in February 2014.
Finally,
Connectikpeople recommends all users to apply the new updates that apply to their
systems. For those who have automatic updating enabled, they will not need to
take any action.