Microsoft’s Security Updates

Wednesday, November 11, 2015 @ 04:11 PM gHale

Microsoft released this month’s security updates to fix vulnerabilities in its software, including Windows 10, Edge browser, and the Office productivity suite.

Microsoft released 12 security updates, 4 of them rated as critical and aimed at all Windows versions that are still getting support (the vulnerabilities are very likely to exist in Windows XP too, but since April 2014, this particular version no longer receives security updates).

IE Continues Flawed Life, Edge Taking Over
Subsystem can Bypass EMET Security
Unsupported ICS: Not an Easy Upgrade
Age of New and Different

The list of critical patches starts with MS15-112, a cumulative security update for Internet Explorer that patches a flaw that could allow an attacker to gain the same privileges as the logged-on user with the help of a malicious website. Users need to manually load the website in Internet Explorer on an unpatched system, so if you haven’t yet installed these updates, make sure to stay away from all links coming from unknown sources. All Internet Explorer versions suffer from the issue.

Another vulnerability is MS15-113, which comes to patch an RCE flaw in Microsoft Edge. The vulnerability can end up exploited in the very same way as in the previous patch, so again, do not click any links coming from sources you don’t trust.

Third on the list is MS15-114, a security update for Windows Journal to address Remote Code Execution. This flaw exists in all Windows versions, and Microsoft said it can end up exploited when the user opens a specially crafted Journal file.

Another critical hole is MS15-115, which fixes flaws in Windows that could allow the attacker to get the same privileges as the user with the help of a compromised document or website that contains embedded fonts.

The remaining important updates focus on Microsoft Office, Windows, Skype for Business, and Lync.

Most of the attacks end up performed once users open specially crafted files, so double-checking the source of each link and document arrives in your inbox is a good way to prevent a machine from an attack.