Microsoft will issue eight bulletins on next week's Patch Tuesday, including three that are rated as critical.
With the remaining five rated as important, the critical updates will address remote code execution vulnerabilities in Windows, Internet Explorer and Exchange. The five important patches are all for Windows.
Paul Henry, security and forensics analyst at Lumension, said: “IT departments will get a bit of a reprieve this August Patch Tuesday. While eight bulletins may seem high at first glance, three of them are considered critical and just one impacts the current code base.
“Bulletin number two impacts legacy code, primarily XP. Remember, XP is done in April so be sure to get your upgrade plans in place. Bulletin three rounds out the critical patches with an Exchange issue.
“As for our important patches this month, bulletin four is an escalation of privilege across all platforms; bulletin five is an escalation of privilege across all 32-bit platforms and bulletin six is a denial-of-service issue impacting Windows Server 2012. Bulletins seven and eight are denial-of-service issues.”
Wolfgang Kandek, CTO of Qualys, said: “Altogether, this will be a normal-sized Patch Tuesday, with three critical issues. It will be interesting to see if the Exchange release in bulletin three is related to the recent Oracle CPU, which updated the Outside In package that Microsoft uses in the Exchange document conversion routines.”
Tommy Chin, technical support engineer at Core Security, said: “This month's remediation is all about the Exchange servers. The remote code execution disclosure within the Exchange server represents a threat to all companies using Exchange to run their email service.
“This communication channel is usually taken for granted since it normally works without question. However, what if all email communications suddenly became compromised? For most organisations, this scenario is simply unacceptable due to the sensitive information contained within today's email conversations.”