August’s batch of bulletins from Redmond contains nine updates, two of them critical.  Unsurprisingly the first critical bulletin fixes yet another problem in Internet Explorer versions 6 to 11. The set of 26 vulnerabilities addressed by this update allow for remote code execution, and are rated moderate for Windows Server 2003 and above and critical for Windows Vista and above.

Although Internet Explorer is every hacker’s favorite target, Microsoft announced last weekthat in 2016 it will be curtailing support of older Internet Explorer versions, thus limiting users to an updated list of browser-OS pairings (this list can be found in the announcement).  Microsoft will no longer support IE6 to 8 even though it is the most popular desktop browser in use today according to Netmarketshare.  While this move will certainly make things easier for Microsoft, organizations with legacy software dependent on IE8 will have a busy year preparing for the changeover.

The second critical bulletin affects Windows 7 and 8, as well as the Media Center TV Pack for Windows Vista.  This vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that calls Windows Media Center resources.

Other notable bulletins include an SQL Server vulnerability rated important, and a SharePoint Server 2013 vulnerability giving a lot of extra sensitive patching work for the IT managers. 

Windows 7, 8 and 8.1 are the most affected with 6 bulletins rated critical and important, while Windows Server 2003 is the least affected with 3 bulletins rated important and moderate.

What we did not see in this patch Tuesday? A fix for the 3 zero day vulns on Microsoft Exchange Server, published on August 1.