Microsoft Patches Critical Security Flaw Affecting All Versions of Windows

By Tara Seals October 14, 2015

Microsoft has issued a critical patch for all supported versions of Windows, to address a remote code execution flaw in Internet Explorer.

If exploited, an attacker could gain access to an affected machine, gaining the same access rights as the logged-in user. From there, he or she could wreak havoc, deleting data or installing malware on the machine.

The problem lies with how Internet Explorer handles objects in memory, Microsoft said.

In order to be successful, an attacker would need to carry out a social engineering campaign to lure IE users to a specific website, or convince them to open an infected attachment. A website itself could host malicious content designed to exploit the vulnerability, or, the attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements.

In all cases, however, an attacker would have to convince users to take action, typically by getting them to click a link in an instant message or e-mail message that takes users to the attacker's Website or downloads the file.

Image via Shutterstock

"These Websites could contain specially crafted content that could exploit the vulnerabilities,” said the advisory.

Windows Vista and later, including Windows 10, are at risk; Windows server systems are also at risk, but its enhanced security mode helps to mitigate the vulnerability.

The update was issued as part of Microsoft’s monthly Patch Tuesday release. While Microsoft released six security bulletins in all, resolving a total of 19 vulnerabilities, the IE bug is the most severe. However, half of the security bulletins are critical, and all of the critical bulletins (MS15-106, MS15-108, MS15-109) are remote code execution issues affecting not just IE but also the Edge browser, VBScript & JScript Engines, Windows Shell, Office, Office Services and apps, as well as Microsoft Server Software. That’s a good chunk of the ecosystem, and admins should apply the patches as quickly as possible.

Edited by Maurice Nagle

Contributing Writer

Related Articles

Consumer Privacy in the Digital Era: Three Trends to Watch

By: Special Guest    1/18/2018

Digital advertising has exploded in recent years, with the latest eMarketer data forecasting $83 billion in revenue this year and continued growth on …

Read More

CES 2018: Terabit Fiber - Closer Than We Think

By: Doug Mohney    1/17/2018

One of the biggest challenges for 5G and last mile 10 Gig deployments is not raw data speeds, but middle mile and core networks. The wireless industry…

Read More

10 Benefits of Drone-Based Asset Inspections

By: Frank Segarra    1/15/2018

Although a new and emerging technology, (which is still evolving), in early 2018, most companies are not aware of the possible benefits they can achie…

Read More

VR Could Change Entertainment Forever

By: Special Guest    1/11/2018

VR could change everything from how we play video games to how we interact with our friends and family. VR has the power to change how we consume all …

Read More

Making Connections - The Value of Data Correlation

By: Special Guest    1/5/2018

The app economy is upon us, and businesses of all stripes are moving to address it. In this age of digital transformation, businesses rely on applicat…

Read More