Microsoft Security Updates for July 2015

On Patch Tuesday last week, Microsoft released 14 security bulletins (MS15-058, and MS15-065 through MS15-077) to address vulnerabilities in Microsoft products. Four of these are rated critical.

Systems affected include Microsoft Windows, Office, Internet Explorer and SQL Server. Read the story in the news (this article also includes more on the Adobe Flash issues mentioned above).

One of the critical bulletins, MS15-067, included a patch to address a remote code execution vulnerability in Remote Desktop (RDP).

To exploit the vulnerability, an attacker could send a specially crafted sequence of packets to a system running the RDP server service. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

RDP is heavily used throughout MIT, and therefore IS&T recommends that patches be applied as soon as possible. If you have questions or need assistance, send email to the IS&T Help Desk or call 617.253.1101. You can also submit a request online.

Microsoft also released an out-of-band patch (MS15-078) this past Monday for all supported versions of Windows. It fixes a security bug in the way Windows handles custom fonts. The update is rated as critical.

Be sure to accept the updates as they occur, or go to the Windows Update site. You may need to restart your machine after installing patches.

Microsoft Security Updates for June 2015

On Patch Tuesday last week, Microsoft released eight security bulletins (MS15-056 through MS15-064). Two are labeled critical, but four address remote code execution vulnerabilities that an attacker could use to take control of a user’s machine.

Systems affected include Microsoft Windows, Internet Explorer, Microsoft Office and Microsoft Exchange Server. The security update for Internet Explorer fixes 24 vulnerabilities in the browser.

Be sure to accept the updates as they occur, or go to the Windows Update site. You may need to restart your machine after installing patches.

Read the story in the news.

Microsoft Security Updates for May 2015

Microsoft released 13 updates on May 12th, Security Bulletins MS15-043 through MS15-055, to address vulnerabilities in Microsoft Windows. Three are rated critical. Some of these vulnerabilities could allow elevation of privilege, denial of service, remote code execution, information disclosure, or security feature bypass.

All Windows operating systems are affected, as well as Microsoft Silverlight, Microsoft Office, Internet Explorer, and Microsoft SharePoint Server. It has been noted that the number of patches in this release brings the total number for the year to 53, the highest total through May of the past five years.

Patches are available via Windows Update.

Adobe Security Updates for Reader and Acrobat

This week Adobe released security updates for Adobe Reader and Acrobat for Windows and Macintosh. The updates patch 34 vulnerabilities in Acrobat X, Acrobat XI, Reader X and Reader XI that could potentially allow an attacker to take over the affected system.

Adobe recommends users update their product installations to the latest versions. Read the details in the Adobe Security Bulletin.

Microsoft Security Updates for April 2015

On Patch Tuesday this week, Microsoft released eleven security bulletins (MS15-032 through MS15-042). Four bulletins are labeled as critical and the remaining seven as important.

Systems affected include Windows client and server operating systems as well as various Office products and Internet Explorer. One of the bulletins, MS15-033, addresses a zero-day vulnerability in Microsoft Office that is currently being exploited in limited attacks on Word 2010. The bulletin also fixes two critical RCE (remote code execution) flaws that could be exploited in Office 2007 and 2010 if a user looks at an email in the Outlook preview pane.

Be sure to accept the updates as they occur, or go to the Windows Update site. You may need to restart your machine after installing patches.

Read the story in the news.

Microsoft Security Updates for March

On Patch Tuesday, Microsoft released the highest number of security bulletins in recent history with 14 bulletins containing 46 updates for March (MS15-018 through MS15-031). Systems affected are Windows and Office (whose patches are rated critical), Exchange and Internet Explorer. Not all of the updates were security-related. A breakdown of what was contained in this month’s batch of updates can be found here.

The good news is that Microsoft has covered many issues, including all the open issues from the Google Project Zero list. It addressed the “FREAK” vulnerability in Windows, which can be exploited to intercept communications and downgrade encryption strength, and issued a patch to fix a flaw exploited by Stuxnet that was incompletely patched in 2010.

Be sure to accept the updates as they occur, or go to the Windows Update site. You may need to restart your machine after installing patches.

Read the story in the news.

Microsoft Security Updates for February

As mentioned in the previous article, Microsoft has updated Windows to detect the Superfish software that comes preinstalled on Lenovo computers. Windows Defender is now actively removing the software and will reset any SSL certificates that were circumvented by Superfish, restoring the system to proper working order. Users should update their version of Windows Defender and scan as soon as possible. Learn more.

Microsoft released nine bulletins for February on Patch Tuesday (MS15-009 through MS15-017). Systems affected are Microsoft Windows, Office, Internet Explorer and Server Software.

The security update for Internet Explorer patches 41 vulnerabilities. Be sure to accept the updates as they occur, or go to the Windows Update site.