Microsoft received critical security updates on Tuesday. Windows 8.1 comprises 12 important updates (including the Malicious Software Removal Tool). Microsoft pushed out 11 update bundles to fix more than two dozen bugs in Windows and associated softwares.
This security update resolves remote code execution (RCE) vulnerabilities in Internet Explorer which is the most severe vulnerability if a user views a specially crafted webpage using Internet Explorer.
An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
The good news is that this month’s collection of security bulletins includes only four rated Critical.
First is MS15-033. It is rated critical for Microsoft Word 2007, Microsoft Office 2010, Microsoft Word 2010, Microsoft Office Web Apps Server 2010, Microsoft Word Viewer, Microsoft Office Compatibility Pack and Word Automation Services on Microsoft SharePoint Server 2010.
MS15-034 resolves vulnerability in HTTP.sys; it’s rated critical for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2.
MS15-032 fixes 10 security holes in Internet Explorer, nine of which are rated critical. Generally, if IE is on your machine, then you need this patch as IE6 to IE11 are vulnerable without it.
MS15-035 closes an RCE flaw in Microsoft graphics component, specifically in the Enhanced Metafile (EMF) file format that could be exploited if an attacker convinces a user to browse a maliciously crafted site, file, “or browse to a working directory that contains a specially crafted EMF image file.”
Although the raw number of updates might sound high, it represents a big drop from last month, when some PC users saw 50 or more updates on Patch Tuesday.