Redmond rolled out a total of 8 updates this Patch Tuesday

Jun 10, 2015 04:29 GMT  ·  By

Microsoft released 8 different security updates this Patch Tuesday to fix flaws in Windows and Internet Explorer, pushing the overall count of security bulletins for 2015 to 63.

Out of the eight security fixes, 2 are rated as critical and target flaws in Windows and Internet Explorer, which, according to the company, can allow remote code execution in case of successful exploitation and thus provide the attacker with full control over an unpatched system.

MS15-056 is a cumulative security update for Internet Explorer that will require a system reboot, so system administrators should have this in mind when installing this month’s Patch Tuesday fixes.

Microsoft says that, in order to exploit the vulnerabilities in Internet Explorer that this patch is trying to fix, the attacker needs to trick the user into visiting a specially crafted webpage that contains elements that would help exploit an unpatched system. If the exploit is successful, the attacker can obtain the same privileges as the logged-in user.

The patch is being delivered to all Windows versions currently supported by Microsoft (Windows XP users are left unprotected because of EOS).

MS15-057, on the other hand, is the second critical security update and is trying to fix flaws in Windows Media Player, which could once again lead to remote code execution.

“The vulnerability could allow remote code execution if Windows Media Player opens specially crafted media content that is hosted on a malicious website,” Microsoft explains, adding that the attacker could obtain the same rights as the logged-in user.

Again, all Windows versions that are still receiving support should get this patch.

Six other important updates

In addition to the two critical security updates, there are six other important patches that come to fix flaws in Office and Windows. In most of the cases, remote code execution is possible in the event of a successful exploit, so Microsoft recommends users to install them immediately.

All patches are being delivered via Windows Update, so if your computer is connected to the Internet, no user input should be required.

Until now, we’re not aware of any broken patches that could cause trouble on Windows machines, but we’re still analyzing some reports and will update you with more information once we have it.