Windows 10 gets patched too, users advised to update ASAP

Oct 14, 2015 05:38 GMT

This month's Patch Tuesday rollout brought us a total of six security updates, including a critical update for Windows systems that's supposed to fix a flaw which allowed attackers to easily get the same rights as the logged-in user.

The vulnerability is described in bulletin MS15-106 and exists in absolutely all Windows versions currently on the market, so users of Vista, 7, 8, 8.1, and 10 should all install this one as soon as possible.

Additionally, Windows RT and Windows Server versions also received the patch. The same security hole is very likely to exist in Windows XP as well, but given the fact that support for this particular OS version ended in April 2014, computers running it are no longer getting patched.

Exploit through Internet Explorer

According to Microsoft, exploitation takes place through Internet Explorer, which must be directed to a website hosting malicious code specifically created to take advantage of the vulnerability. This means that the user must knowingly click on the link, so if you haven't yet patched your system, just make sure you don't click any suspicious links landing in your inbox.

If the attacker manages to compromise a vulnerable computer, they get the same rights as the logged-in user, so it's easy to figure out what could happen if this user has administrator privileges. Basically, the attacker gets full control over a computer that's not yet running the patch.

If you're not using Internet Explorer, you are a little bit more secure, but you're still advised to patch ASAP. All versions of IE are affected, starting with 7 and ending with 11. Microsoft Edge is not affected.

Just like all the other patches, this one is shipped via Windows Update, so if you have this option turned on, you don't have to do anything else. Security experts recommend that everyone prioritize the deployment of this particular bulletin to make sure their machines are secure.

Researchers from FireEye, HP Zero Day Initiative, Trend Micro, and Verisign have all contributed to finding and patching this flaw.