Microsoft Security Updates for August 2015

This week on Patch Tuesday, Microsoft released fourteen security bulletins, four of which are considered critical.

Systems affected include Windows, Internet Explorer, Office, Silverlight, Microsoft .NET Framework, Microsoft Lync, and Microsoft Server Software. Some of the fixes are for Windows 10, including its newest browser, Microsoft Edge. An attacker could run malicious code on an affected machine if a user visits a specially crafted webpage, allowing access at the logged-in user level.

Be sure to accept the updates as they occur, or go to the Windows Update site. You may need to restart your machine after installing patches.

Read the story in the news.

Microsoft Security Updates for July 2015

On Patch Tuesday last week, Microsoft released 14 security bulletins (MS15-058, and MS15-065 through MS15-077) to address vulnerabilities in Microsoft products. Four of these are rated critical.

Systems affected include Microsoft Windows, Office, Internet Explorer and SQL Server. Read the story in the news. (This article also includes more on the Adobe Flash issues mentioned above.)

One of the critical bulletins, MS15-067, included a patch to address a remote code execution vulnerability in Remote Desktop (RDP).

To exploit the vulnerability, an attacker could send a specially crafted sequence of packets to a system running the RDP server service. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

RDP is heavily used throughout MIT, and therefore IS&T recommends that patches be applied as soon as possible. If you have questions or need assistance, send email to the IS&T Help Desk or call 617.253.1101. You can also submit a request online.

Microsoft also released an out-of-band patch (MS15-078) this past Monday for all supported versions of Windows. It fixes a security bug in the way Windows handles custom fonts. The update is rated critical.

Be sure to accept the updates as they occur, or go to the Windows Update site. You may need to restart your machine after installing patches.

Microsoft Ends Support for Windows Server 2003

Microsoft ended support of Windows Server 2003 on July 14, 2015. If you have machines still running Windows Server 2003, it is very important that you upgrade to Windows Server 2012 R2 and apply the latest patches from Microsoft to minimize security risks and comply with recent Massachusetts data regulations.

IS&T recommends that Windows users subscribe to the MIT Windows Automatic Update Service (MIT WAUS) to get the latest service packs and security patches. Visit the MIT WAUS article in the KB for detailed instructions on how to subscribe.

If you have questions or need assistance, send email to the IS&T Help Desk at helpdesk@mit.edu or call 617.253.1101. You can also submit a request online.

Learn more from Microsoft about migrating from Windows Server 2003.

Microsoft Security Updates for June 2015

On Patch Tuesday last week, Microsoft released eight security bulletins (MS15-056 through MS15-064). Two are labeled critical, but four address remote code execution vulnerabilities that an attacker could use to take control of a user’s machine.

Systems affected include Microsoft Windows, Internet Explorer, Microsoft Office and Microsoft Exchange Server. The security update for Internet Explorer fixes 24 vulnerabilities in the browser.

Be sure to accept the updates as they occur, or go to the Windows Update site. You may need to restart your machine after installing patches.

Read the story in the news.

Microsoft Security Updates for May 2015

Microsoft released 13 updates on May 12th, Security Bulletins MS15-043 through MS15-055, to address vulnerabilities in Microsoft Windows. Three are rated critical. Some of these vulnerabilities could allow elevation of privilege, denial of service, remote code execution, information disclosure, or security feature bypass.

All Windows operating systems are affected, as well as Microsoft Silverlight, Microsoft Office, Internet Explorer, and Microsoft SharePoint Server. It has been noted that the number of patches in this release brings the total number for the year to 53, the highest total through May of the past five years.

Patches are available via Windows Update.

Microsoft Security Updates for April 2015

On Patch Tuesday this week, Microsoft released eleven security bulletins (MS15-032 through MS15-042). Four bulletins are labeled as critical and the remaining seven as important.

Systems affected include Windows client and server operating systems as well as various Office products and Internet Explorer. One of the bulletins, MS15-033, addresses a zero-day vulnerability in Microsoft Office that is currently being exploited in limited attacks against Word 2010. The bulletin also fixes two critical RCE (remote code execution) flaws that could be exploited in Office 2007 and 2010 if a user looks at an email in the Outlook preview pane.

Be sure to accept the updates as they occur, or go to the Windows Update site. You may need to restart your machine after installing patches.

Read the story in the news.

Microsoft Security Updates for March

On Patch Tuesday, Microsoft released the highest number of security bulletins in recent history with 14 bulletins containing 46 updates for March (MS15-018 through MS15-031). Systems affected are Windows and Office (whose patches are rated critical), Exchange and Internet Explorer. Not all of the updates were security-related. A breakdown of what was contained in this month’s batch of updates can be found here.

The good news is that Microsoft has covered many issues, including all the open issues from the Google Project Zero list. They addressed the “FREAK” vulnerability in Windows, which can be exploited to intercept communications and downgrade encryption strength, and issued a patch to fix a flaw exploited by Stuxnet that was incompletely patched in 2010.

Be sure to accept the updates as they occur, or go to the Windows Update site. You may need to restart your machine after installing patches.

Read the story in the news.