The new updates are available as part of Patch Tuesday

Sep 9, 2015 04:52 GMT

Microsoft has recently started the rollout of this month’s Patch Tuesday updates to computers across the world, shipping a total of 12 security fixes, five of which are rated as critical.

This month, the Redmond-based software giant is fixing flaws in some of its most-used software, including Windows, the Edge browser (only available in Windows 10), Microsoft Office, and Exchange Server, so both consumers and IT administrators have a lot of updates to install this time.

What’s in this month’s rollout?

There are five critical security updates, as follows:  

| Security update | Affected software |
| --- | --- |
| MS15-094 | Microsoft Windows and Internet Explorer |
| MS15-095 | Microsoft Windows and Microsoft Edge |
| MS15-096 | Microsoft Windows |
| MS15-097 | Microsoft Windows, Microsoft Office, Microsoft Lync |
| MS15-098 | Microsoft Windows |

According to Wolfgang Kandek, CTO of Qualys, the top install for all users should be MS15-097, which is rated as critical on Windows Vista and Server 2008, Microsoft Office 2007 and 2010. Kandek says that one of the flaws patched with this update is already being exploited, so it’s mandatory for everyone to install it as soon as possible.

“One of the vulnerabilities, rated only as important in the bulletin, is under attack in the wild: CVE-2015-2546 allows for an escalation of privilege once on the machines, allowing the attacker to become administrator of the targeted machine. CVE-2015-2546 affects all versions of Windows including Windows 10,” he adds.

Needless to say, MS15-094 is also critical to the majority of users because it patches security bugs in Windows and Internet Explorer. The latter might no longer be the default browser in Windows 10, but it’s still there and being used by users on previous versions of Windows, so patching its flaws is vital.

A total of 17 security flaws are being patched with this bulletin, and no fewer than 14 are flagged as critical because they allow for remote code execution when a compromised website is loaded.

“These Remote Code Execution (RCE) vulnerabilities are a mainstay for mass infections that many attack groups look for. We label them ‘opportunistic’ because they do not choose their targets specifically, but rather make their money by infecting as many machines as possible,” Kandek goes on to detail.

As happens every month, all these patches are being delivered via Windows Update, so save your work and start installing as soon as possible to remain on the safe side.