SecurityWeek

Microsoft Releases Critical Security Updates for Internet Explorer, Windows

Microsoft released eight security bulletins today as part of this month’s Patch Tuesday, including two critical updates for Windows and Internet Explorer.

The Internet Explorer bulletin addresses some two dozen vulnerabilities, the most severe of which enable an attacker to remotely execute code. Though one of the bugs – CVE-2015-1765 – has been publicly disclosed, Microsoft is not aware of any of the vulnerabilities being exploited in the wild.

“Internet Explorer (IE) is in the top spot of our recommendations this year as it has been for the last 12 months with the occasional exception of more urgent 0-days in Microsoft and Adobe products,” blogged Qualys CTO Wolfgang Kandek. “The reason is that security researchers continue to report a large number of vulnerabilities in IE – on average over 20 per month.”

The other critical bulletin resolves a vulnerability that could be used to remotely execute code if Windows Media Player opens specially crafted media content hosted on a malicious website. Users with fewer rights on an affected system would be less impacted than those running with administrative rights, according to Microsoft.

Though those are the only two critical bulletins, an update rated ‘Important’ impacting Microsoft Office (MS15-059) has also received attention from researchers. That should be second on organizations’ list of priorities after the IE bulletin, noted Russ Ernst, director of product management at HEAT Software.

“Although rated as important, it impacts all shipping desktop versions of Microsoft Office,” he explained. “This bulletin addresses 3 vulnerabilities in Office which an attacker can use for remote code execution.”

The remaining bulletins are all rated ‘Important’, and impact Windows and Microsoft Exchange Server.

“In general, everyone will want to apply the Internet Explorer patch and Office patch on all workstations and servers as soon as possible,” said Craig Young, security researcher at Tripwire. “Exchange Administrators will also want to focus on getting MS15-064 deployed if their business makes use of Exchange web applications.”

In addition to the Microsoft bulletins, Adobe Systems today released some patches of its own. According to Adobe, none of the security vulnerabilities are known to be getting exploited. The updates impact Adobe Flash Player and AIR and address 13 security bugs.

“To fully update Flash you will need to apply multiple updates. Flash Player and AIR installed at the OS level and plug-ins for Internet Explorer (Advisory), Chrome, and Firefox,” noted Chris Goettl, product manager with Shavlik Technologies. “The updates should be rolled out as soon as possible. Google has released an update for Chrome. The only fix in this release is support for the latest Adobe Flash plug-in. Roll this out as soon as possible.”

“Mozilla Firefox has a new download available, but no bulletin information has been released at this time,” he added. “There will likely be security updates coming, but the count is unknown at this time.”
