Microsoft announced another one Patch Tuesday, with this month's updates. Includes updates for Windows, Internet Explorer, and Office.
The most important patch on the list is an Office one that fixes an exploit already used in “limited attacks” on thenetwork.
But let's see in detail what is written in Microsoft's newsletter. On a fully upgraded system with Windows 8.1, there are 12 Important Windows Updates (including the Removal Tool malicioussoftware) and an additional 9 updates for Office 2010. For Windows 7, the corresponding list of Patch Tuesday it's a bit longer since it contains 12 Windows updates.
The good news is that in this month's security newsletters, only four updates are classified as critical. The rest are for security issues that are markedly important.
The first critical update is a cumulative security update for Internet Explorer (3038314) (MS15-032). This update addresses 10 distinct vulnerabilities and is estimated to be critical to any supported version of Internet Explorer in desktop versions of Windows and important to server IE (where the default configuration makes exploit more difficult).
Η MS15-033 stops a "use after free" vulnerability that could lead to remote code exploitation when opening a "specially constructed" (ie, trapped) Office document. Office 2007. Microsoft says "limited attacks trying to exploit this vulnerability" have been reported on the Internet.
Η MS15-034 addresses a vulnerability in HTTP.sys. Applies to all supported versions of Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1 and Windows Server 2012 R2.
The latest critical update MS15-035is not required on systems running Windows 8.1 or Windows Server 2012, but applies to Windows Vista and Windows 7, as well as Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2. Fixes a vulnerability that could allow remote code execution when a user clicks on a malicious Enhanced Metafile or EMF image file.
Needless to say, the Office update is especially worth applying immediately.