Microsoft Patches Remote Code Execution Bugs in IE, Font Drivers, Windows Journal

RV_ · May 12, 2015

Patch Tuesday is still with us until Windows 10. Here is today's batch and what they are.

Excerpt:

"Patch Tuesday as we know it may be on its last legs, but it’s certainly not going quietly. A little more than a week after Microsoft announced how it would revamp patch distribution and security updates starting with Windows 10, the company today released its scheduled round of bulletins—13 in all, including three critical updates for vulnerabilities in Internet Explorer, Microsoft Font Drivers, and Windows Journal, all of which lead to remote code execution.

Today’s update runs the usual spectrum of products affected by the respective bulletins. The almost-habitual Internet Explorer cumulative update, MS15-043, is likely the highest priority; it patches 22 vulnerabilities that enable not only remote code execution, but also security feature bypasses, information disclosure and elevation of privileges. For Windows clients, most of the IE bugs are rated important by Microsoft; those rated critical include 14 memory corruption vulnerabilities in IE6-11. The bulletin also takes care of a number of ASLR bypass vulnerabilities in IE or VBScript and an IE Clipboard information disclosure issue."

See more details here: https://threatpost.com/microsoft-patches-remote-code-execution-bugs-in-ie-font-drivers-windows-journal/112762#sthash.M1K3iE9A.dpuf

RV_ · May 13, 2015

This month's Patch Tuesday list includes three Critical security updates:

Microsoft's Patch Tuesday menu for May consists of another long list of security updates for Windows, Office, and more. Only three of the Windows updates are rated Critical, however.

Excerpt:

"Last week's headlines from the Microsoft Ignite conference breathlessly (and incorrectly) proclaimed that Patch Tuesday was dead.
As if to say, "I'm not dead yet," Microsoft's update servers delivered a heaping helping of Patch Tuesday fixes today, for Windows, Office, the .NET Framework, and Silverlight. On a Windows 8.1 System, I counted 19 updates for Windows, and a separate Windows 7 test system included 14 updates for Windows, another 11 for Office 2010, and an updated version of Silverlight.

For a detailed breakdown of which are which the full article is here: http://www.zdnet.com/article/may-2015-patch-tuesday/?tag=nl.e539&s_cid=e539&ttag=e539&ftag=TRE17cfd61

wa_desert_rat · May 13, 2015

Lots of zero-day exploits being patched on all operating systems. I wonder if the relatively-recent "rewards" system is responsible for this. Not too long ago developers tried to hide exploits and resented anyone finding them (and even telling them!). After the exploits were subsequently released - and used - in the wild the developers started to realize that the PR fallout from not bothering to patch against exploits that they had been told about - sometimes many times - was worse than doing the patches and just admitting that there were issues and here is a fix.

WDR