Windows 10, Internet Explorer, Office Fixes on Patch Tuesday
Microsoft yesterday issued 14 security bulletins, including fixes for the brand spanking new Windows 10. All told, the patches fix 52 vulnerabilities in Windows, Windows Server, Internet Explorer, Office and other Microsoft products. Four of the bulletins are considered critical. Some of the vulnerabilities are being exploited in the wild.
Despite the launch of Windows 10 and all the talk about mandatory updates, Patch Tuesday rolls on. Russ Ernst, director of product management at Heat Software (formerly Lumension), told us this month everyone should pay attention.
“Microsoft shared a vulnerability smorgasbord [on Tuesday] -- offering a little something for everyone. From office and browser applications to desktops and servers, Microsoft covered them all with 14 bulletins,” Ernst said. “Some are for Windows 10, but the majority are for legacy versions of the OS, as expected. Regardless of the Windows version you are using, it’s time to patch. Again.”
Edge Already Updated
One of the vulnerabilities security researchers are talking about most is MS15-085, which addresses a vulnerability in the mount manager that could allow attacks elevated privileges if an attacker inserts a malicious USB device into a target system. According to Microsoft, an attacker could then write a malicious binary to disk and execute it.
But that’s not the one you should necessarily patch first. Ernst said MS15-081 should be first on the list. This critical update patches eight vulnerabilities in Office 2007, 2010 and 2013 and exploits are being detected in the wild now. Next, he said IT admins should target MS-079, which is a critical, cumulative update to Internet Explorer that addresses a whopping 13 vulnerabilities. This vulnerability paves the way for remote code execution and the attacker could even gain full user rights to a machine.
“And speaking of Web browsers, if you’re using Windows 10, Microsoft has also updated their new browser, Edge,” said Ernst. “Said to be the new IE, this new browser is already under attack and critical-ranked MS15-091 addresses 4 CVEs. And, for all the Adobe Flash users out there, you will want to update with APSB15-19. Published today, this update fixes 34 vulnerabilities in Flash Player, including fixes for Flash Player for Edge. There are no active exploits known at this time but it of course won’t be long.”
Speaking of browsers, security firm Qualys CTO Wolfgang Kandek told us that last week Firefox version 39 was under attack through a vulnerability in the built-in PDF reader. The hole let attackers retrieve files from the machine. In case you hadn’t heard, Mozilla published version 39.0.3 to fix the issue.
“Next up is the monthly Adobe Flash update. APSB15-19 addresses 34 vulnerabilities and all but one are rated as critical, possibly leading to remote code execution,” Kandek said. “However, there are no known exploits for Adobe Flash at this point in time. Users of Google Chrome and IE10 and 11 get their updates through their respective browsers, users of Firefox, Safari, and Opera need to update manually by going to Adobe’s site.”
Kandek also noted that 40 percent of the August patches for generic Windows apply to the newest version of the operating system: Windows 10.
“Windows 10 fares a bit better than Windows 8, which had 60 percent in its first two months, where three out of five bulletins were applicable,” Kandek said. “From a security perspective Windows 10 brings much improvement and we are curious to see how the acceptance of Windows 10 will play out, especially comparing the enterprise side and consumer side.”
Read more on: Patch Tuesday
, Internet Explorer
, Microsoft Office
, Data Security
, Network Security
, Enterprise IT
, Top Tech News
Posted: 2015-09-06 @ 3:38pm PT
I lost all my Favorites when I switched to Edge.
Posted: 2015-08-24 @ 10:48am PT
Hi Shirley, try this: You need to click on the Microsoft Edge logo to open the window that will let you choose another Web browser as your default. You should then see a choose-app screen that enables you to click on one of several browser options, including Firefox, Google Chrome, Internet Explorer or Edge.
Posted: 2015-08-24 @ 10:29am PT
I don't see Internet Explorer on my Windows 10. How do I get it, or find it? I downloaded Windows 10 on July 29th, but no Internet Explorer. I have Micro Edge, and just that. Help me.
Posted: 2015-08-24 @ 10:21am PT
I just want my damn Windows Internet Explorer back. Grrrrrrr
Posted: 2015-08-22 @ 9:39am PT
Windows 10 and Intuit Quickbooks - any versions - not compatible. Microsoft replaced Internet Explorer with Edge and Quickbooks needs internet explorer to run. Intuit is not ready for their patch and Microsoft should have created emulator for Quickbooks to run. I had to reverse back to Windows 8.1.
Posted: 2015-08-16 @ 4:22am PT
I wish I never saw Windows 10. I lost all of Windows 7, now I need to pay someone to fix it.
Posted: 2015-08-12 @ 1:39pm PT
Please tell me how to remove Windows 10?