Microsoft Patches Windows, IE, Edge, Office

Friday, October 16, 2015 @ 11:10 AM gHale

Microsoft’s October bulletin patch release addresses over 30 vulnerabilities affecting Windows, Internet Explorer, Edge and Office.

One of the bulletins rated critical is MS15-106, which resolves 14 vulnerabilities in Internet Explorer. The list of flaws includes memory corruption, privilege escalation, information disclosure, and VBScript and JScript ASLR bypass issues impacting Internet Explorer and the scripting engine.

OWA Server Attacked
Unsupported ICS: Not an Easy Upgrade
Age of New and Different
German Steel Mill Attack: Inside Job

In this vulnerability a remote attacker could execute arbitrary code execution by tricking the targeted user into viewing a specially crafted webpage via Internet Explorer.

Another bulletin rated “critical” is MS15-108, which patches information disclosure, memory corruption, and ASLR bypass vulnerabilities in the VBScript and JScript scripting engines in Windows.

A bulletin that addresses remote code execution flaws in Windows is also critical. The bugs are the result of the way Windows Shell and the Microsoft Tablet Input Band handle objects in memory.

The bulletins rated “important” fix weaknesses in Edge, Office, and the Windows kernel. The flaws could end up causing information disclosure and remote code execution.

Microsoft said there is no evidence these vulnerabilities are suffering from exploitation at this time.