Microsoft Gets Four Critical Updates for Patch Tuesday

Microsoft products received critical security updates on Tuesday. For Windows 8.1, the release comprises 12 important updates (including the Malicious Software Removal Tool). Microsoft pushed out 11 update bundles to fix more than two dozen bugs in Windows and associated software.

The Internet Explorer security update resolves remote code execution (RCE) vulnerabilities, the most severe of which could be exploited if a user views a specially crafted webpage using Internet Explorer.

An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

The good news is that this month’s collection of security bulletins includes only four rated Critical.

First is MS15-033. It is rated critical for Microsoft Word 2007, Microsoft Office 2010, Microsoft Word 2010, Microsoft Office Web Apps Server 2010, Microsoft Word Viewer, Microsoft Office Compatibility Pack and Word Automation Services on Microsoft SharePoint Server 2010.

MS15-034 resolves a vulnerability in HTTP.sys; it’s rated critical for all supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2.

MS15-032 fixes 10 security holes in Internet Explorer, nine of which are rated critical. Generally, if IE is on your machine, you need this patch, because IE6 through IE11 are vulnerable without it.

MS15-035 closes an RCE flaw in the Microsoft graphics component, specifically in the handling of the Enhanced Metafile (EMF) file format, that could be exploited if an attacker convinces a user to browse to a maliciously crafted site, open a maliciously crafted file, “or browse to a working directory that contains a specially crafted EMF image file.”

Although the raw number of updates might sound high, it represents a big drop from last month, when some PC users saw 50 or more updates on Patch Tuesday.

Ehacking Staff