14 updates were launched on this month’s Patch Tuesday

Mar 11, 2015 07:03 GMT

Microsoft rolled out a total of 14 security updates as part of this month’s Patch Tuesday cycle, with no fewer than 12 of them aimed at the company’s Windows operating system.

Five of the updates released to computers across the world are rated as “critical”: four are supposed to fix vulnerabilities in Windows, while the other one is expected to address a security glitch in Office. The other nine updates are considered to be “important,” with eight of them once again aimed at Windows. The last one brings fixes for Exchange Server.

The two stars of this month’s Patch Tuesday rollout are MS15-018 and MS15-031, both of which fix critical security flaws that were publicly disclosed.

All Internet Explorer versions getting patched

MS15-018 brings fixes for an undisclosed number of vulnerabilities in Internet Explorer, which Microsoft says could allow remote code execution when the target computer loads a malicious website with the browser.

The company says that an attacker who manages to exploit the vulnerability in this way could obtain the same privileges as the logged-in user, and needless to say, administrator rights could allow an attacker to compromise a system in a very short time.

All Internet Explorer versions are affected, starting with IE6 and ending with IE11, but keep in mind that only newer versions of the browser are getting patched as Microsoft already ended support for IE builds that were working on Windows XP.

Last but not least, MS15-031 is aimed at the Schannel vulnerability, also referred to as the FREAK security hole, which has already been confirmed on many other platforms besides Windows.

“The vulnerability could allow a man-in-the-middle (MiTM) attacker to force the downgrading of the key length of an RSA key to EXPORT-grade length in a TLS connection. Any Windows system using Schannel to connect to a remote TLS server with an insecure cipher suite is affected,” Microsoft confirms.

Thanks to this patch, all Windows users are now fully protected, but don’t forget that the same flaw exists in Windows XP, an OS version that has not received support since April 2014.
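
The downgrade Microsoft describes for MS15-031 can be recognized in a captured handshake. The following Python check is an added example, not code from the article or from Microsoft: it flags an export suite being selected, or an export-grade temporary RSA key arriving in a ServerKeyExchange although a plain RSA suite was negotiated. The function names and the sample message are constructed, and it assumes the handshake message has already been reassembled from TLS records.

```python
# RSA_EXPORT suites (RFC 2246) and a few plain-RSA suites, by IANA code point.
RSA_EXPORT = {0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
              0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
              0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"}
PLAIN_RSA = {0x0005: "TLS_RSA_WITH_RC4_128_SHA",
             0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
             0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
             0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA"}
EXPORT_MAX_BITS = 512          # export-grade RSA key length limit
SERVER_KEY_EXCHANGE = 12       # TLS handshake message type


def rsa_modulus_bits(msg: bytes) -> int:
    """Bit length of the RSA modulus in a ServerKeyExchange carrying ServerRSAParams."""
    if len(msg) < 6 or msg[0] != SERVER_KEY_EXCHANGE:
        raise ValueError("not a ServerKeyExchange message")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]   # 3-byte handshake length
    mod_len = int.from_bytes(body[:2], "big")           # 2-byte modulus length
    modulus = body[2:2 + mod_len]
    if mod_len == 0 or len(modulus) != mod_len:
        raise ValueError("truncated RSA modulus")
    return int.from_bytes(modulus, "big").bit_length()


def audit_handshake(offered, selected, server_key_exchange=None):
    """Return findings for one observed handshake (empty list = nothing suspicious)."""
    findings = []
    if selected in RSA_EXPORT:
        how = "offered by client" if selected in offered else "never offered by client"
        findings.append(f"export suite {RSA_EXPORT[selected]} selected ({how})")
    if server_key_exchange is not None and selected in PLAIN_RSA:
        # Plain RSA key exchange must not send a ServerKeyExchange at all.
        bits = rsa_modulus_bits(server_key_exchange)
        grade = "export-grade" if bits <= EXPORT_MAX_BITS else "unexpected"
        findings.append(f"{grade} {bits}-bit temporary RSA key sent with {PLAIN_RSA[selected]}")
    return findings


def make_ske(modulus: bytes) -> bytes:
    """Build a constructed ServerKeyExchange (modulus, e=65537, no signature) for the demo."""
    body = len(modulus).to_bytes(2, "big") + modulus + b"\x00\x03\x01\x00\x01"
    return bytes([SERVER_KEY_EXCHANGE]) + len(body).to_bytes(3, "big") + body


if __name__ == "__main__":
    weak = make_ske(b"\xc5" + b"\x11" * 63)       # constructed 512-bit modulus
    print(audit_handshake([0x002F, 0x0035], 0x002F, weak))
    print(audit_handshake([0x002F, 0x0035], 0x002F))
```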