Yesterday we released 8 security bulletins fixing 23 vulnerabilities. Three of the bulletins are rated critical, which means evil hackers have the potential to take over your machine through them. As far as we know, they are not being actively exploited in the wild today. However, the clock is now ticking. Hackers are going to reverse engineer our patches and figure out how to exploit the holes they patch. You want to test and implement these patches in a timely fashion before the vulnerabilities they patch start to be used to exploit machines.

The main products affected are Windows, Internet Explorer, and Exchange Server.

I have seen articles refer to one of the bugs as “the Ping of Death for IPv6”. It seems that this vulnerability, in the IPv6 stack, will cause a denial of service from a specially crafted packet. Could be a fun tool just like the old days where you could bring down your friend's unpatched machine.

Back in the 90’s I called up a coworker (a sales guy) and asked him how his machine was working. As he told me fine, I sent a “ping of death” packet to his machine which halted his Windows 95 machine. It now showed the famous blue screen of death and he started to yell at me. – Now that was fun!

Microsoft Security Bulletin Summary for August 2013

I found that Symantec does a great job of explaining each of the 23 vulnerabilities and which patch they are contained in. I recommend reading this.
Symantec – Microsoft Patch Tuesday – August 2013