Four critical flaws allowed for remote code execution

Sep 9, 2015 05:12 GMT

Microsoft Edge has received its own share of security updates in this month’s Patch Tuesday rollout, and all users are advised to install them as soon as possible because they address critical bugs that could allow remote code execution.

MS15-095 is a critical security bulletin aimed specifically at Microsoft Edge. It fixes a total of four vulnerabilities, all rated critical on Windows clients and moderate on Windows servers. All four are flagged as memory corruption vulnerabilities, and exploiting them relies on an unpatched system loading a website that has been compromised by attackers.

Microsoft explains how a successful exploit would work:

“The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit these vulnerabilities. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an instant messenger or email message that takes users to the attacker's website, or by getting them to open an attachment sent through email.”

Vulnerabilities in Internet Explorer too

The same vulnerabilities found in Microsoft Edge also exist in Internet Explorer and are patched with bulletin MS15-094, so even if you’re not on Windows 10 yet, you’re still at risk, especially if you are using Microsoft’s old browser on a regular basis.

As a general recommendation, avoid clicking on unknown links from sources that might compromise your computer; whenever you suspect a link could harm your PC, stay away from it.

Microsoft has made it clear that a successful exploit involves user interaction, so if you keep an eye on every click, you should be safe until you patch. Afterwards, your PC should be fully secure.