Wednesday, 15 July 2015

Microsoft Patches 59 Vulnerabilities, Of Which 7 Zero Days

Microsoft Patch Tuesday during the July 59 vulnerabilities in Windows, Internet Explorer, Office and SQL Server patched, 7 of zero days. It is in this case for vulnerabilities that were already known or were attacked before the relevant Microsoft security update was available.

Three of the zero-day vulnerabilities in Internet Explorer, Office and Windows were actively attacked, Microsoft said. Two of these vulnerabilities in IE and Windows, were coming from the Italian company hacked Hacking Team. This means that Hacking Team possessed far as is known about five zero-day vulnerabilities. In addition to IE and Windows, the company had also provided with three unknown vulnerabilities in Adobe Flash Player. The remaining four zero-day vulnerabilities that Microsoft patched this month found in IE and were already made ​​public, but according to the software giant does not actively attacked.


In total there are 14 security updates. Thus it belongs patch round both the number patches as corrected vulnerabilities into one of the toughest rounds patch from Microsoft ever. Four updates, MS15-065 , MS15-066 , MS15-067 and MS15-068 , have the highest priority and are labeled by Microsoft as critical. Through these vulnerabilities, an attacker can take over the underlying system. These include a vulnerability in the Remote Desktop Protocol (RDP). RDP is not enabled by default, but if that is the case an attacker by sending a few packets take over the system.

Three other updates are not labeled as critical, but let an attacker or run arbitrary code on a computer. It is MS15-058 for SQL Server MS15-069 for Windows and MS15-070 for Office. Microsoft regards this update as "important" because an attacker needs to do more effort before code execution is possible. The other security bulletins this month fix vulnerabilities that an attacker can increase his privileges on the computer. These include to the zero-day flaw in Windows which was discovered by Hacking Team. In these vulnerabilities, an attacker must already have access to the system before use can be made.

The updates can be downloaded via Windows Update and will be automatically installed on most computers. An overview of all bulletins on this page to find.

No comments:

Post a Comment