22 holes closed in Microsoft's August Patch Tuesday

As announced, Microsoft has issued 13 bulletins to close a total of 22 vulnerabilities on its August Patch Tuesday. Most of the holes are in Internet Explorer, as described in bulletin MS11-057. This bulletin includes a total of five vulnerabilities that were reported to Microsoft and two holes that had already been made public. Among other issues, the holes allow attackers to infect systems with malicious code, for example, through the use of specially crafted telnet:// URLs.

A hole in Windows Server 2008 and 2008 R2 has also been rated as critical by Microsoft in bulletin MS11-058. By sending specially crafted Naming Authority Pointer (NAPTR) packets to the DNS Server, attackers can inject and execute arbitrary code. However, users who don't run the DNS Server are not vulnerable. The update also closes two Denial-of-Service holes that allows attackers to cripple the server, MS11-064 and MS11-065. The latter problem also affects Windows Server 2003 SP2.

Furthermore, Microsoft has released updates with a rating of "important" or higher for Windows XP SP3 to Windows 7, Office 2003 to 2010 (Visio) and the .NET framework. Many of these vulnerabilities can be exploited to quietly infect a PC with malware in the background. However, they usually require users to manually open a specially crafted document, which lowers their risk levels. In short: those who use Windows or run a Windows-based server should make sure they install all current Microsoft patches as soon as possible. An overview of all the patches is available in the Microsoft Security Bulletin Summary for August 2011.

(djwm)