If you have not updated Windows this week, then you need to get updating. Yesterday Microsoft released six security updates, with three of them being marked as critical. Microsoft updates are labeled critical when the vulnerability could be exploited by a remote user to execute code on the attacked machine. This is done by attackers creating specially crafted web pages that exploit these vulnerabilities when a user visits them from a vulnerable version of Windows. Once the vulnerability is exploited, the attacker can execute commands that downloads and executes software on the affected machine.

If you have not updated Windows this week it is imperative that you do so as soon as possible. The vulnerabilities that were patched include:

Bulletin ID

Bulletin Title and Executive Summary

MS15-106

Cumulative Security Update for Internet Explorer (3096441) 
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

MS15-107

Cumulative Security Update for Microsoft Edge (3096448) 
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow information disclosure if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

MS15-108

Security Update for JScript and VBScript to Address Remote Code Execution (3089659) 
This security update resolves vulnerabilities in the VBScript and JScript scripting engines in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker hosts a specially crafted website that is designed to exploit the vulnerabilities through Internet Explorer (or leverages a compromised website or a website that accepts or hosts user-provided content or advertisements) and then convinces a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that uses the IE rendering engine to direct the user to the specially crafted website.

MS15-109

Security Update for Windows Shell to Address Remote Code Execution (3096443) 
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens a specially crafted toolbar object in Windows or an attacker convinces a user to view specially crafted content online.

MS15-110

Security Updates for Microsoft Office to Address Remote Code Execution (3096440) 
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

MS15-111

Security Update for Windows Kernel to Address Elevation of Privilege (3096447) 
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

Related Articles:

Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws

Windows 10 KB5046613 update released with fixes for printer bugs

Windows 11 KB5046617 and KB5046633 cumulative updates released

Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws

Windows 11 is adding a 'Share' button to the Start menu and Taskbar