Microsoft issued six bulletins that fix 33 vulnerabilities on Patch Tuesday

Posted on Wednesday, October 14 2015 @ 11:53 CEST by Thomas De Maesschalck
Microsoft logo
Yesterday Microsoft rolled out its monthly dose of patches. This month's Patch Tuesday features six security bulletins
The Inquirer
has a handy overview:
Updates:
  • MS15-106 A cumulative fix for 14 CVE-listed flaws in Internet Explorer. These vulnerabilities can be exploited by webpages to hijack PCs.

  • MS15-107 Cumulative fix for Microsoft Edge, two CVE-listed flaws patched: one, a cross-site-scripting protection bypass, and the other an information disclosure bug that could be used to further attack the computer system.

  • MS15-108 Four CVE-listed flaws in VBScript and JScript in IE versions 7 through 11. Specially crafted webpages can execute code outside the aforementioned scripting engines, and do what they like to the system as the logged-in user.

  • MS15-109 Two CVE-listed flaws in Windows Shell. "The vulnerabilities could allow remote code execution if a user opens a specially crafted toolbar object in Windows or an attacker convinces a user to view specially crafted content online," Microsoft explained in its advisory.

  • MS15-110 Three CVE-listed vulnerabilities in Excel, and Sharepoint Server. Opening a malicious spreadsheet can trigger the execution of code within the document to take over the PC as the logged-in user.

  • MS15-111 Five CVE-listed flaws in the Windows kernel, the worst of which can be exploited by software to gain administrator access on a system.


  • About the Author

    Thomas De Maesschalck

    Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



    Loading Comments