14 DAY TRIAL // Microsoft has released a total of six security updates this Patch Tuesday, which makes it one of the lightest of the year, with three of them considered to be “critical,” while the other three are marked as “important.”
First of all, the critical updates.
MS15-106 is a cumulative security update for Internet Explorer that affects all versions of the browsers currently on the market (but not Microsoft Edge) and is supposed to resolve vulnerabilities in the browser. Microsoft says that the most severe vulnerabilities could allow an attacker to get the same privileges as the logged-in user with the help of a compromised website holding dangerous code.
RCE in Windows
MS15-108, on the other hand, addresses a remote code execution flaw in Microsoft Windows and is a security update for Jscript and VBScript. Microsoft explains:
“This security update resolves vulnerabilities in the VBScript and JScript scripting engines in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker hosts a specially crafted website that is designed to exploit the vulnerabilities through Internet Explorer (or leverages a compromised website or a website that accepts or hosts user-provided content or advertisements) and then convinces a user to view the website.”
The third critical security update, MS15-109, also patches remote code execution flaws in Microsoft Windows and includes a security update for Windows Shell. This time, the attacker could have exploited the flaw with the help of a compromised toolbar object in Windows or dangerous content posted online.
The other three important security updates, MS15-107, MS15-110, and MS15-111, fix flaws in Windows, Microsoft Edge browser (only available in Windows 10), Office, Office Services and Web Apps, and Server.
Just like it happens on every Patch Tuesday, all these updates are available via Windows Update, so make sure you get them as soon as possible to stay secure. A reboot will be required, so IT administrators should save work on all computers that are about to get patched before initializing installation.