Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / Computing / Microsoft Issues 12 Security Fixes
Microsoft Issues 12 Security Fixes on Patch Tuesday, 5 Critical
Microsoft Issues 12 Security Fixes on Patch Tuesday, 5 Critical
By Jennifer LeClaire / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
Redmond yesterday released 12 new security patches as part of its monthly update to offer protection against malicious attackers. Microsoft is encouraging customers to apply the updates as soon as possible.

Microsoft is patching holes in its Active Directory Service; Microsoft Graphics Component; Windows Journal; Microsoft Office; Windows Media Center; .NET Framework; Windows Task Management; Microsoft Exchange Server; Skype for Business and Lync Server; Edge browser; and Internet Explorer.

Five of the bulletins target critical remote code execution vulnerabilities; seven vulnerabilities are rated important. Most security industry watchers are putting MS15-097, which fixes flaws in Microsoft Office, at the top of the list.

“The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file,” Microsoft said in its security advisory. “An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.”

Nothing Impressive

We turned to Tyler Reguly, manager of security research at advanced threat protection firm Tripwire, to get his comments on the latest round of patches. He told us the best word to describe this month is probably “vanilla.”

“There's nothing overly fancy or impressive that stands out in the list of updates, it's the usual flavor that we see month after month without anything [exceptional] or unique in the list,” Reguly said.

“In both 2010 and 2013, Microsoft released 106 security bulletins. This was, to date, the highest number of bulletins released in a single year by Microsoft,” he said. “With Microsoft releasing bulletin MS15-105 in September, it'd be a pretty safe bet to say that 2015 will be a record setting year for Microsoft Bulletins.”

Tame by Comparison

Craig Young, security researcher at Tripwire, agreed with the “vanilla” description. He told us the September Patch Tuesday listing is rather tame by comparison to some of the exotic bugs that were fixed over the summer.

“The four memory corruption bugs addressed in the second round of patches for Microsoft Edge however did catch my interest,” he said. "We have a dramatically lower CVE count in the Edge bulletin compared to the IE bulletin.”

This is likely a consequence of how proficient researchers have become with fuzzing IE and may change as researchers revamp their toolkits to target Windows 10 and specifically Edge, Young said.

“Looking at the four Edge vulnerabilities patched in August and the four memory corruption bugs addressed Tuesday, it is apparent that Edge and IE are at least sharing some libraries, if not more substantial components of the Web rendering engine,” he said. “This would seem to reinforce the notion that original security research is still being performed first and foremost on the IE browser.”

Image credit: iStock.

Tell Us What You Think


Vivvy Gurnett:
Posted: 2015-09-10 @ 1:04am PT
I think it is all a bit confusing. My computer checks out as ready for 10 but each try has failed! They haven't tried since September 3rd. Sounds like I have missed the bullet again. :)

Like Us on FacebookFollow Us on Twitter
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.