It's that time of the month again, with Microsoft Patch Tuesday just 24 hours away.
In point form, August 2013 brings you:
- Eight bulletins
- Three critical due to potential remote code execution
  - Critical #1: All Internet Explorer versions from 6 to 10
  - Critical #2: Exchange Server versions 2007, 2010 and 2013
  - Critical #3: Windows itself, but only XP and Server 2003
- Patches for Server Core, but none critical
- Reboot required
It's hard to say just how severe (or how widely exploited, if at all) any of the critical vulnerabilities are, since Microsoft plays its cards close to its chest until the patches actually ship.
And even though some of the bulletins are listed with a Restart Requirement of "maybe," you should assume you'll be rebooting every Windows box within your remit.
That's because all your systems will either have Internet Explorer on them, or be Server Core installs.
Both of those require a reboot.
As usual, SophosLabs will be publishing its own vulnerability assessments once Microsoft has officially issued its updates. (Redmond always gets to go first. Understandably, that's the way it is.)
Although Naked Security generally recommends getting a move on with patching, lest you get sucked into a Change Control Resistance Vortex, SophosLabs gives you a Threat Level assessment for each patch.
All other things being equal, if you have to delay one or more of the eight bulletins, the Threat Level helps you choose by assessing the likelihood that each security hole will be actively exploited.