Microsoft gets Four Critical Updates for Patch

Microsoft received critical security updates on Tuesday. Windows 8.1 comprises 12 important updates (including the Malicious Software Removal Tool). Microsoft pushed out 11 update bundles to fix more than two dozen bugs in Windows and associated softwares.

This security update resolves remote code execution (RCE) vulnerabilities in Internet Explorer which is the most severe vulnerability if a user views a specially crafted webpage using Internet Explorer.

 An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

The good news is that this month’s collection of security bulletins includes only four rated Critical.
First is MS15-033. It is rated critical for Microsoft Word 2007, Microsoft Office 2010, Microsoft Word 2010, Microsoft Office Web Apps Server 2010, Microsoft Word Viewer, Microsoft Office Compatibility Pack and Word Automation Services on Microsoft SharePoint Server 2010.

MS15-034 resolves vulnerability in HTTP.sys; it’s rated critical for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2.

MS15-032 fixes 10 security holes in Internet Explorer, nine of which are rated critical. Generally, if IE is on your machine, then you need this patch as IE6 to IE11 are vulnerable without it.

MS15-035 closes an RCE flaw in Microsoft graphics component, specifically in the Enhanced Metafile (EMF) file format that could be exploited if an attacker convinces a user to browse a maliciously crafted site, file, “or browse to a working directory that contains a specially crafted EMF image file.”

Although the raw number of updates might sound high, it represents a big drop from last month, when some PC users saw 50 or more updates on Patch Tuesday.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

What Makes ICS/OT Infrastructure Vulnerable?

Infrastructure security for operational technologies (OT) and industrial control systems (ICS) varies from IT security in several ways, with the inverse confidentiality, integrity, and...

Everything You Must Know About IT/OT Convergence

What is an Operational Technology (OT)? Operational technology (OT) is a technology that primarily monitors and controls physical operations. It can automate and control machines,...

Understand the OT Security and Its Importance

This article discusses OT security and why it is essential for protecting industrial systems from cyberattacks. We will also discuss common control objectives that can...

What is Deepfake, and how does it Affect Cybersecurity?

Producing deepfake is easy. It is hard to detect. They operate with a description of reality rather than reality itself (e.g., a video). Any...