Microsoft’s June Patch Tuesdays are usually light and this year’s release was no exception. On Tuesday the tech giant pushed out eight bulletins, including two critical updates and six important updates.
Redmond issued fixes for critical bugs in Internet Explorer and Windows Media Player. Flaws rated “important” in Microsoft Office, Microsoft Common Controls, Windows, Active Directory Federation Services, and Microsoft Exchange Server also received patches.
The relatively low number of patches is good news for those who have their sights set on summer vacation. But Russ Ernst, director of product management at security solutions firm HEAT Software, told us this release also makes us wonder how many more of these Patch Tuesday cycles we will have. But first things first.
Please Patch Now
“If you’re using IE, patch it now, please. We see a patch every month for this popular browser for a reason,” Ernst said. “The bad guys love to exploit it along with all of the other popular browsers like Firefox and Chrome, and in too many instances, they are successful. This month, attackers could force a remote code execution and gain the same rights as the affected user.”
MS15-059 should be second on your list of priorities, according to Ernst. That’s because although rated as important, it impacts all shipping desktop versions of Microsoft Office. The bulletin addresses three vulnerabilities in Office that an attacker can use for remote code execution.
“There are other Microsoft bulletins to deal with -- including critical MS15-057 that impacts Windows Media Player and grants full user rights to the attacker when a malicious file is played," he said. "But you’ll also need to prioritize a vulnerability in Adobe Flash. APSB15-11 is the eighth update of Flash Player this year and updates 13 vulnerabilities that span across Windows and Mac desktops."
Patch Tuesday Questions Remain
So what about Patch Tuesday? Ernst said the release of Windows 10 may change how you push security updates. He said that Microsoft “has been clear as mud on this process question” and pointed to a Microsoft FAQ explaining that licensed Home users will see updates pushed automatically when they become available.
“This process should get the millions of Home machines using Windows updated faster, and that’s a good thing, but what about the patches that fail? Are Home users the unfortunate testing ground?” he asked. “Only time will tell. And while enterprise users will have more choice on when to push updates, how that gets done has not yet been precisely defined.”
In conclusion, Ernst said he sees plenty of legacy software that needs updating in this month’s patch load. He said that concerns him because the new Windows Update for Business does not make clear how these systems will be updated.
“Will organizations who choose to remain on older systems receive updates on the typical Patch Tuesday cycle? It isn’t clear yet but one thing remains true. If you can update, you should,” he said. “Remember, Windows Server 2003 reaches end of life next month. Hopefully you are working your migration plan.”
Read more on: Patch Tuesday
, Internet Explorer
, Windows Media Player
, Microsoft Office
, Data Security
, Network Security
, Enterprise IT
, Top Tech News