Microsoft Patches Critical Security Flaw Affecting All Versions of Windows

By

Microsoft has issued a critical patch for all supported versions of Windows, to address a remote code execution flaw in Internet Explorer.

If exploited, an attacker could gain access to an affected machine, gaining the same access rights as the logged-in user. From there, he or she could wreak havoc, deleting data or installing malware on the machine.

The problem lies with how Internet Explorer handles objects in memory, Microsoft said.

In order to be successful, an attacker would need to carry out a social engineering campaign to lure IE users to a specific website, or convince them to open an infected attachment. A website itself could host malicious content designed to exploit the vulnerability, or, the attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements.

In all cases, however, an attacker would have to convince users to take action, typically by getting them to click a link in an instant message or e-mail message that takes users to the attacker's Website or downloads the file.

Image via Shutterstock

"These Websites could contain specially crafted content that could exploit the vulnerabilities,” said the advisory.

Windows Vista and later, including Windows 10, are at risk; Windows server systems are also at risk, but its enhanced security mode helps to mitigate the vulnerability.

The update was issued as part of Microsoft’s monthly Patch Tuesday release. While Microsoft released six security bulletins in all, resolving a total of 19 vulnerabilities, the IE bug is the most severe. However, half of the security bulletins are critical, and all of the critical bulletins (MS15-106, MS15-108, MS15-109) are remote code execution issues affecting not just IE but also the Edge browser, VBScript & JScript Engines, Windows Shell, Office, Office Services and apps, as well as Microsoft Server Software. That’s a good chunk of the ecosystem, and admins should apply the patches as quickly as possible.




Edited by Maurice Nagle
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

Contributing Writer

SHARE THIS ARTICLE
Related Articles

Why More Leads Won't Fix a Broken Lead Management Process

By: Contributing Writer    6/23/2026

When sales results start to stall, many organizations immediately look to the top of the funnel for answers. The assumption is simple: if revenue i…

Read More

Your Post-Quantum Readiness Starts at Y2Q Summit

By: TMCnet News    5/27/2026

Y2Q Summit is an executive conference focused on helping enterprises prepare for the coming era of quantum computing disruption, cybersecurity transfo…

Read More

Why Award Marketing Should Be Part of Every B2B Tech Company's Growth Strategy

By: Erik Linask    5/20/2026

Award marketing matters for B2B tech companies because industry recognition can strengthen trust, support sales and partner relationships, improve con…

Read More

Why Email Is Still the Most Underrated Layer of Modern Software Infrastructure

By: Contributing Writer    5/15/2026

Take, for example, the following scenario. A user requests a password reset, waits a few seconds, refreshes their inbox and nothing arrives. They try …

Read More

Jitterbit's Visionary Status Signals a Shift in the iPaaS Market

By: Contributing Writer    4/7/2026

As enterprise ecosystems grow more complex, integration has become less of a backend IT function and more of a strategic driver of business performanc…

Read More