Microsoft Issues 12 Security Fixes on Patch Tuesday, 5 Critical

Redmond yesterday released 12 new security patches as part of its monthly update to offer protection against malicious attackers. Microsoft is encouraging customers to apply the updates as soon as possible.

Microsoft is patching holes in its Active Directory Service; Microsoft Graphics Component; Windows Journal; Microsoft Office; Windows Media Center; .NET Framework; Windows Task Management; Microsoft Exchange Server; Skype for Business and Lync Server; Edge browser; and Internet Explorer.

Five of the bulletins target critical remote code execution vulnerabilities; seven vulnerabilities are rated important. Most security industry watchers are putting MS15-097, which fixes flaws in Microsoft Office, at the top of the list.

EUThe most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file,EU Microsoft said in its security advisory. EUAn attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.EU

Nothing Impressive

We turned to Tyler Reguly, manager of security research at advanced threat protection firm Tripwire, to get his comments on the latest round of patches. He told us the best word to describe this month is probably EUvanilla.EU

EUThere's nothing overly fancy or impressive that stands out in the list of updates, it's the usual flavor that we see month after month without anything [exceptional] or unique in the list,EU Reguly said.

EUIn both 2010 and 2013, Microsoft released 106 security bulletins. This was, to date, the highest number of bulletins released in a single year by Microsoft,EU he said. EUWith Microsoft releasing bulletin MS15-105 in September, it'd be a pretty safe bet to say that 2015 will be a record setting year for Microsoft Bulletins.EU

Tame by Comparison

Craig Young, security researcher at...

Comments are closed.