August Patch Tuesday to Address 22 Windows Flaws

Microsoft's August Patch Tuesday will be relatively moderate, though it does address 22 flaws. According to Microsoft, 13 of the patches addressed in August Patch Tuesday will address 22 flaws in a number of different programs, including Windows, Internet Explorer (IE), Visio and Visual Studio.

Compared to last month's Patch Tuesday, the one set for release next Tuesday (August 9th) is only slightly larger: there are more patches offered, but the number of vulnerabilities remains the same. The number of fixes released this month is somewhat unusual as historically, Microsoft doles out fixes for a significantly higher number of flaws on even-numbered months. (Source: zdnet.com)

Moderate Number of Flaws Addressed Out-of-the-Ordinary

"Twenty-two [vulnerabilities] is not a big month, it's more in the medium range, what with the larger numbers we've seen so far in 2011," noted nCircle Security's Andrew Storms. (Source: computerworld.com)

"Overall, it's what we could have expected, although as an 'up' month, the number [of vulnerabilities] isn't up to the usual... The number [of flaws] each month is increasing... A new baseline is being drawn this year."

To get an understanding of what Microsoft usually does on even-numbered months, one only has to look to June -- when the company released 16 updates for 34 vulnerabilities.

Windows Server 2008, IE Flaws Most Significant

As for this month, just two of the 13 bulletins have been rated "critical," Microsoft's highest security rating. Nine have been dubbed "important," while the rest are listed as "moderate."

Getting the most significant (or "critical") fixes are Internet Explorer and Windows Server 2008. It's being reported that the IE bug -- which affects every version but in different ways -- could allow a hacker to compromise a Windows PC. Unfortunately, Microsoft is remaining mum on the details for most of the fixes, something that's not sitting well with security experts.

"It's like reading tea leaves," Storms said. "There's very little to go on and a lot of data at the same time. It's just difficult to read anything from what we have here."