The Redmond-based software giant, Microsoft Corporation (NASDAQ:MSFT) on Tuesday, or you can say Patch Tuesday, issued 12 bulletins fixing 56 distinct vulnerabilities in some versions of MS Office, MS Windows, and in the new Microsoft Edge browser. Microsoft shipped a total of 12 security fixes, five of them were considered as critical to the company.
According to Microsoft, there are several bugs in the system which are deemed critical and can permit remote code execution. Microsoft also reported several flaws, which are being used by attackers all around the world.
CTO of Qualys, Wolfgang Kandek, in his blog mentioned that, “the highest priority bulletin featuring updates for critical flaws in Windows Vista, Windows Server 2008, Microsoft Office 2007 and 2010, and Lync 2007, 2010, and 2013 is MS15-097. Some of the flaws are repaired with this update, so it’s obligatory for everyone to install it as soon as possible.”
Five Critical Security Updates from Microsoft
Five critical security updates issued by Microsoft are as follows:
There are several corruption flaws in Internet Explorer, which permit attackers to gain access to affected systems. Microsoft’s Windows 10 is also listed as a vulnerable system. Thus, Microsoft released an MS15-094 security update, which resolves 17 vulnerabilities in Internet Explorer.
It addresses separate memory corruption vulnerabilities in the company’s latest Microsoft Edge, which allow attackers to successfully exploit the vulnerabilities, to gain the same user right as the current user.
This update is rated important by Microsoft Corporation, as it can affect Windows, Lync, Exchange and Skype servers.
It is a highest priority update, which can fix flaws and bugs in Windows Server, Windows Vista, and Office 2007/2010. MS15-097 have also resolved vulnerabilities issues related to Lync 2007, 2010 and 2013. Bugs associated with this patch allow attackers to access the system through untrusted web pages and crafted documents files.
MS15-098 security update resolved another major flaw, which affects all supported versions of Windows and its servers. Though this update allows attackers to trigger data loss on affected systems; but, it does not allow control over the system.
All this patches issued by Microsoft will be made available through channels like Windows update.