Microsoft has released 13 updates for Windows, Internet Explorer, Office, Silverlight, Lync and the .NET Framework during the Patch Tuesday of this month. Together the updates fix 48 vulnerabilities. Three updates for Windows, Internet Explorer, Silverlight, .NET Framework and Office have been marked critical and allow an attacker to run malicious code on a computer without (much) user interaction.
The first critical update is MS15-043 which fixes 22 leaks in Internet Explorer. Visiting a malicious or hacked website is sufficient for an attacker to remotely execute code on a vulnerable computer. The second update that should be installed as soon as possible is MS15-044.
This update fixes two vulnerabilities in the font drivers of Microsoft. These drivers are used in a large number of products including Windows, .NET Framework, Office, Lync and Silverlight. When a vulnerable user visits a website with a specially prepared TrueType font, an attacker can execute malicious code on the computer.
The last critical update, that also makes it possible to execute code, is MS15-045 which fixes 6 vulnerabilities in the Windows Journal. In this case an attacker can make its moves when an user opens a malicious Windows Journal file. The impact is limited when an user doesn't have administrator rights.
The remaining updates are mainly for Windows and are marked as important. They include vulnerabilities that make it possible for an attacker to retrieve information, to cause a Denial of Service, to circumvent security features, to elevate privileges on a system or to execute code, however in this case it requires more user interaction.
The updates are automatically downloaded and installed for most users.
