14 DAY TRIAL // Microsoft has just rolled out this month’s Patch Tuesday updates to fix security vulnerabilities in its software, including Windows 10, Edge browser, and the Office productivity suite.
Redmond has released a total of 12 security updates, 4 of them rated as critical and aimed at all Windows versions that are still getting support (the vulnerabilities are very likely to exist in Windows XP too, but since April 2014, this particular version no longer receives security updates).
Critical security updates
The list of critical patches starts with MS15-112, a cumulative security update for Internet Explorer that patches a flaw that could allow an attacker to gain the same privileges as the logged-on user with the help of a malicious website. Users need to manually load the website in Internet Explorer on an unpatched system, so if you haven’t yet installed these updates, make sure to stay away from all links coming from unknown sources. All Internet Explorer versions are affected.
Then, there’s MS15-113, which comes to patch an RCE flaw in Microsoft Edge. The vulnerability can be exploited in the very same way as in the previous patch, so again, do not click any links coming from sources you don’t trust.
Third on the list is MS15-114, a security update for Windows Journal to address Remote Code Execution. This flaw exists in all Windows versions, and Microsoft says that it can be exploited when the user opens a specially crafted Journal file.
And the last critical but not less important, though, is MS15-115, which fixes flaws in Windows that could allow the attacker to get the same privileges as the user with the help of a compromised document or website that contains embedded fonts.
The remaining important updates are aimed at Microsoft Office, Windows, Skype for Business, and Lync, so make sure you deploy everything to stay on the safe side.
As you can see, most of the attacks are performed once users open specially crafted files, so double-checking the source of each link and document that arrives in your inbox is one very handy way to prevent your computer from getting hacked until you patch.