September 10, 2014

Your guide to September’s Patch Tuesday

Microsoft fixes Internet Explorer, Lync Server and .NET framework.

By Jimmy Nicholls

This week sees Microsoft’s regular Patch Tuesday update rolled out to users. The updates come accompanied by jargon-filled notes, but CBR has raked through the fluff to tell you what is included.

1) 37 fixes against Internet Explorer hijacking

The popularity of Microsoft’s web browser has long made it a lucrative target for hackers, and as such the software requires regular patching. This fix for 37 vulnerabilities protects users from hijacking by hackers, with a "critical" patch rating assigned by the firm because systems could be attacked with minimal action on the user’s part.

The update also highlights the importance of appropriately restricting user privileges, since excessive privileges carry risks beyond the insider threat. Microsoft said: "Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights." Users of Internet Explorer 6 and later versions should patch.

2) DDoS attacks blocked in .NET update

Distributed denial of service (DDoS) attacks are so common you can actually watch them unfold live on the internet. This update for the .NET programming framework protects websites against a specific form of denial of service attack.

The vulnerability is said to only affect those who have downloaded the ASP.NET framework for developing web applications and registered it with the Internet Information Services (IIS) web server. Those who have only installed the default .NET version will be unaffected, according to Microsoft.

3) Windows Task Scheduler protected against privilege snatching

A bug privately reported to Microsoft could have allowed hackers to advance their user privileges, though only if they had credentials to access the system. Though this flaw cannot be exploited remotely, server admins should not be complacent about the insider threat it could enable.

Hackers who exploit the vulnerability are said to be able to take full control of the system in the worst-case scenarios. Windows 8 users are advised to apply the patch, or alternatively turn off the Task Scheduler through the registry settings at their own risk.


4) Microsoft Lync Server shielded against crashing

Microsoft’s enterprise messaging software was found to be vulnerable to two separate denial of service attacks and one data snatching bug. The worst bug allowed hackers to crash a Lync server by sending a "specially crafted" request to it.

Though the flaw is thought unlikely to be exploited, the company recommends clients update their systems. It added that clients can reduce risk to their firms by reading emails in plain text or blocking ActiveX controls and Active Scripting through their web browser.
