Patch Tuesday Hikes IE Security

Wednesday, June 10, 2015 @ 02:06 PM gHale

There was a smaller allotment of patches this month from Microsoft, with two critical patches to deal with and six important.

MS15-056 is a critical cumulative update for Internet Explorer addressing 24 CVEs. The issue at hand is attackers could force a remote code execution and gain the same rights as the affected user.

Patch Tuesday Fixes 46 Flaws
Adobe Updates Flash Player
Windows, Flash Zero Days Targeted
Flash Bug Allows Secret Video, Audio

MS15-059, while rated important, impacts all shipping desktop versions of Microsoft Office. This bulletin addresses three vulnerabilities in Office which an attacker can use for remote code execution.

The critical MS15-057 affects Windows Media Player where it can allow full user rights to the attacker when a malicious file plays, but the user will need to also focus n a vulnerability in Adobe Flash. APSB15-11 is the eighth update of Flash Player this year and updates 13 vulnerabilities that span across Windows and Mac desktops.

Microsoft unveiled it will release Windows 10 July 29. For a year, this upgrade will be available for free and will continue for the lifetime of any device you install it on: A PC, tablet, or phone.

Microsoft said they will continually update the OS with new features and security updates without the fanfare of a new OS version number, without the costly endeavor of testing code and holding on to it until a pre-selected release date. In time, this should result in a simpler, safer computing experience, they said.