Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Microsoft to clean up after Oracle's patch mess again next week

Gregg Keizer | Aug. 12, 2013
Slates eight security updates for next week, including critical fixes to Exchange likely stemming from Oracle's Outside In technology.

Other security experts have also weighed in on the continuing Outside In-Exchange security problems.

In June, Will Dormann published research that outlined Exchange's increased risk to attack because of Outside In. Dormann, a vulnerability analyst at CERT Coordination Center, part of the public-private collaboration by U.S. CERT, recommended that businesses turn off Web Ready, the feature that applies the Outside In technology, or upgrade to Exchange 2010 or Exchange 2013. Those versions make exploitation of Outside In bugs much more difficult, said Dormann.

Other updates next week include a critical fix that applies only to the aging Windows XP and almost-as-old Windows Server 2003. Windows XP will be retired in April 2014, while Server 2003 has until July 2015 before it's pastured.

The five updates marked important will patch vulnerabilities in various versions of Windows. If the updates are not deployed, criminals may be able to conduct denial-of-service attacks — crashing Windows — steal information stored on Windows' PCs or acquire additional privileges that would let them run more threatening attacks or cyber espionage campaigns.

Microsoft will release next week's security updates on Aug. 13 around 1 p.m. ET.


Previous Page  1  2 

Sign up for CIO Asia eNewsletters.