The company rolled out this month’s Patch Tuesday updates

Oct 15, 2014 06:48 GMT  ·  By
All patches are delivered to systems via Windows Update; some require a system reboot
   All patches are delivered to systems via Windows Update; some require a system reboot

Microsoft released a total of eight security updates for Windows, Internet Explorer, and Office as part of its monthly Patch Tuesday rollout, thus addressing a total of 24 different vulnerabilities.

The company initially announced nine different security bulletins, but one of them addressing a moderate vulnerability in Microsoft Office was delayed due to undisclosed reasons.

Three of the eight security patches are labeled as critical and two require a restart, so system administrators should save work on the computers receiving patches before actually starting the deployment process. The other five updates are considered to be important and address flaws in Microsoft Developer Tools, Windows, and Office.

All are obviously being shipped to computers via Windows Update, so turning on this feature and keeping the systems connected to the Internet should be enough to receive this month’s patches.

Critical patches for Windows and Internet Explorer

One of the most important updates released this month is called “Cumulative Security Update for Internet Explorer” and is labeled as KB2987107. Part of bulletin MS14-056, this particular patch resolve 14 privately reported vulnerabilities in Microsoft’s Internet Explorer.

All versions of the browser are affected by these flaws, so everyone should prioritize the deployment of the patch.

According to Microsoft, the most severe of these 14 security issues would allow an attacker to gain the same rights as the logged-in user and thus get the power to run malicious code on a vulnerable system. Risks are lower, however, in the case of users without administrative privileges.

The MS14-058 bulletin contains KB3000061, a security fix designed to address two vulnerabilities in kernel-mode driver on Windows. If unpatched, the flaw would enable an attacker to “open a specially crafter document or to visit an untrusted website that contains embedded TrueType fonts.”

This is an older vulnerability that was said to be exploited in the wild and since it’s affecting all Windows versions on the market, it’s really critical to patch all systems as soon as possible.

24 different Internet Explorer vulnerabilities patched

October is a really busy month for Windows users running Internet Explorer on their computers, as the company fixed a total of 24 different vulnerabilities in the browser.

In addition to all these security patches, Internet Explorer also received a new Flash Player version from Adobe, also via Windows Update. The new Flash Player build fixes security flaws in the previous builds, so it’s mandatory for Internet Explorer users to deploy it as well.

Flash Player is a built-in feature of Internet Explorer 10 and 11, so only those running Windows 8 and Windows 8.1 will get it. Users of older browsers need to download the new release manually.

October 2014 Security Updates