14 DAY TRIAL // Microsoft has rolled out a total of 14 security updates for its software as part of the Patch Tuesday cycle that takes place today, with 40 percent of these bulletins also being aimed at Windows 10.
Three of the updates included in this rollout are rated as critical, while the remaining 11 are considered to be important, so system administrators and users alike are highly recommended to prioritize the deployment of the critical patches.
Windows, Office, and IE
One of the critical bulletins is MS15-079, which includes a cumulative security update for Internet Explorer and fixes a remote code execution in the browser. As usual, Microsoft says that users must load a compromised website with Internet Explorer on an unpatched system in order for an attacker to exploit the flaw, so make sure you stay away from links coming from suspicious sources until you patch.
The second critical fix is MS15-080 and it addresses vulnerabilities in Microsoft Graphics components that once again would allow remote code execution.
“This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Microsoft Lync, and Microsoft Silverlight. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded TrueType or OpenType fonts,” Microsoft explains.
And last but not least, the third critical fix, MS15-081, is aimed at Microsoft Office and fixes remote code execution flaws that would allow an attacker to exploit the flaw when the user opens a malicious Office document on their computer.
All Windows operating systems are getting patched with MS15-085, which comes to fix a 0-day vulnerability in Mount Manager of Windows. Basically, a successful exploit involves the user connecting a USB stick to a vulnerable machine, as files stored on the drive could be launched automatically to run code. Public exploits are also being reported, so install this patch too.
As usual, all fixes are being delivered via Windows Update and some will require a reboot, which means that you need to save your work before starting the install.