Microsoft Patch Tuesday
Microsoft issued 14 bulletins yesterday in its monthly Patch Tuesday release. Dozens of vulnerabilities have been fixed in many Microsoft products.
Here is an outline of the most critical flaws, three of which are being actively abused by hackers.
MS15-065 addresses 28 vulnerabilities in versions of Internet Explorer 6 and beyond. It includes a multitude of fixes and it's thought that it also mends a flaw exposed by the Hacking Team data breach.
MS15-066 affects the VBScript engine in Windows Server 2013 and 2008 as well as Windows Vista. Hackers can take over a machine with the same privileges as a logged-in user if they visit a malware-ridden website.
MS15-67 lies in Windows 7 and 8, which targets the Remote Desktop Protocol (RDP).
MS15-068 affects Windows users running Hyper-V. It can be used to install malware or other applications on a guest computer. Attackers need valid logon credentials to exploit this vulnerability on a guest computer. The flaw affects Windows 8, 8.1 and versions of Windows Server 2008 and beyond.
MS15-069 through MS15-077 are all “important” and affect versions of Windows and Office.
MS15-058 was also fixed in this release, after being unexpectedly left off of June's Patch Tuesday list. It affects versions of SQL Server 2008 and later.
Microsoft encourages users to apply updates as soon as possible through the usual update channels.