Number: IRCNE2015112681
Date: 2015/11/11
According to “zdnet”, Microsoft has released patches for two critical security vulnerabilities that affect every supported version of Windows.
All users running Windows Vista and later -- including Windows 10 -- are affected by two flaws, which could allow an attacker to install malware on an affected machine.
The patch, MS15-112 addresses a memory corruption flaw in Internet Explorer. If exploited, an attacker could gain access to an affected machine, gaining the same access rights as the logged-in user, such as installing programs, and deleting data.
Users must be tricked or convinced into clicking a link, such as from an email or instant message, which opens a website that contains code that can exploit the flaw.
The software giant's new Edge browser, which runs exclusively on Windows 10 machines, is also affected by the flaw, and has its own separate bulletin, MS15-113.
The other patch affecting all versions of Windows, MS15-115, fixes a series of flaws that could allow an attacker to remotely execute code on an affected machine by exploiting how the operating system handles and displays fonts. Some of the flaws can only be triggered if an attacker logs on to the affected machine, but some can be triggered by the user visiting a web page that contains exploit code.
Microsoft said the two flaws were not being publicly exploited by attackers.
Microsoft also released eight other patches -- MS15-116 through to MS15-123 -- for "important" issues relating to Microsoft Office, .NET Framework, and Skype.
November's patches will be available through the usual update channels.
- 5