This week's edition of Microsoft's Patch Tuesday involved 14 security bulletins that fixed a total of 58 vulnerabilities in Windows, Internet Explorer, .NET, Office, Lync, Silverlight and the new Edge browser. Four of the bulletins are rated as critical, the other ten are marked as important. Windows 10 receives two critical bulletins, one important bulletin and also a critical one for the Edge browser.
One of the most serious issues fixed with the August 2015 security updates is a privilege escalation vulnerability affecting the Mount Manager in Windows (CVE-2015-1769). The flaw can be exploited by inserting a malicious USB device into the targeted system. While attacks involving USB devices might not be considered very dangerous, Microsoft says it has reason to believe this vulnerability has been exploited in targeted attacks.
Another vulnerability exploited by malicious actors is a memory corruption flaw (CVE-2015-1642) in Office. The vulnerability has been addressed with the release of the MS15-081 bulletin.
Security firm Qualys has named the Office bulletin MS15-081 the highest priority item of the month. Experts have pointed out that this bulletin is rated “critical,” which is rare for Office updates because Microsoft decreases the severity rating of a security bug if user interaction is required (e.g. opening a specially crafted document).
Adobe also rolled out a fresh round of patches this week, they addressed a total of 35 vulnerabilities in the Windows, Mac and Linux versions of the Flash Player plug-in. The updates resolve vulnerabilities that could lead to code execution and include further hardening to a mitigation introduced in version 22.214.171.124 to defend against vector length corruptions.