This month's edition of Microsoft's Patch Tuesday features 12 security bulletins fixing a total of 56 separate vulnerabilities in Windows, Office, IE and the Edge browser. Five of the bulletins are marked as critical updates, including two that affect all supported versions of Windows, one for all supported versions of Office, one that targets three critical flaws in Edge and another one for a critical elevation of privilege flaw in some versions of Windows and Office.
Here's some info about the two bulletins that target all supported versions of Windows:
MS15-094 is the biggest patch of the monthly batch, affecting all supported versions of Windows, including the company's server and tablet operating system lineup. A number of memory corruption flaws in Internet Explorer could allow an attacker to gain access to an affected system, running at the same user privilege level. An attacker would have to trick a user into visiting a carefully-crafted web page in order to exploit the flaw. Although Windows 10 is listed as a vulnerable system, the Edge browser is not affected by the bug.
MS15-098 is another major flaw, affecting all supported versions of Windows. A denial-of-service issue with how Windows Journal handles some carefully-crafted documents could allow an attacker to cause data loss on an affected system. The good news is that it can't allow an attacker to take over the machine.