Microsoft has issued its monthly Patch Tuesday by releasing 14 security bulletins, nearly half of it address vulnerabilities in its latest operating system, Windows 10.
Four of them are marked critical, affecting Windows, .Net Framework, Microsoft Office, Microsoft Lync, Internet Explorer, Microsoft Silverlight and Edge Browser.
Yes, the critical update includes even Edge browser – Microsoft’s newest and supposedly super-secure web browser.
Windows users are advised to patch their system as soon as possible because the security flaws can be remotely exploited to execute malicious code on vulnerable systems, allowing hackers to install malware and take full control of systems.
Most Critical Security Updates:
- MS15-079 – The critical update fixes a total of 10 privately disclosed flaws in Internet Explorer. Most of these flaws allow a hacker to execute malicious code on victim’s machine by exploiting a series of memory corruption flaw in the browser.
- MS15-080 – The update fixes security flaws in Microsoft Lync, Silverlight, .NET Framework, Office, and Graphics Component for Microsoft Windows, which could allow hackers to run malicious code with full administrative rights by fooling a user into opening an untrusted web page that contains embedded TrueType or OpenType fonts. The update is marked critical for Windows Vista through Windows 10 and all supported versions of Windows Server.
- MS15-081 – The update fixes a total of eight vulnerabilities in Office 2007-2016, including Office for Mac. The flaws could allow hackers to execute remotely malicious code with full admin privileges if a malicious file was opened by a victim.
- MS15-091 – It is a cumulative security update for Windows 10’s newest browser, Microsoft Edge. It includes fixes for four critical flaws that could allow an attacker to execute remotely malicious code on an affected system if a user visits a specially-crafted webpage.
Security Bulletins Rated as Important:
- MS15-084 – The update patches information disclosure vulnerabilities in XML Core Services.
- MS15-085 – The update patches an elevation of privilege vulnerability in Mount Manager that allows hackers to gain administrator-level access if they plug in an evil USB device.
- MS15-086 – The update patches an elevation of privilege vulnerability in System Center Operations Manager.
- MS15-087 – The update patches an elevation of privilege vulnerability in UDDI Services in Windows Server 2008 and Server Core Installation.
- MS15-089 – The update patches an information disclosure flaw in WebDAV for Windows Vista through Windows 8.1 and Windows Server 2008 and Server 2012.
- MS15-090 – The update patches elevation of privilege vulnerabilities in Windows that could allow a miscreant to gain admin-level access.
- MS15-092 – The update patches elevation of privilege vulnerabilities in .NET Framework for Windows Vista through Windows 10 and Server Core Installation, allowing hackers to gain administrator-level access.
