HEAT Blog

2015 On Record Pace with Release of September Patch Tuesday

In today’s Patch Tuesday, Microsoft released 12 security bulletins, five of which are critical. With this month’s patch load, we can count 105 updates released so far this year which is only one update short of the total number of bulletins released back in 2013. We have already far-exceeded last year’s total of 85. The reason for such a significant increase in updates this year could be attributed to a variety of factors such as the launch of Windows 10 and other new Microsoft products but regardless of the reason, the now-restructured team at Trustworthy Computing is definitely staying busy. And maybe even overwhelmingly so. A total of 56 vulnerabilities have been addressed this month and more than likely, you’ll want to start with MS15-097 which is a fix for 10 vulnerabilities in Microsoft Graphics components that impact Windows Vista, Server 2008, Microsoft Lync and the 2007 and 2010 versions of Office. One of these vulnerabilities, CVE-2015-2546, is under active attack and impacts Office. Second on your list of priorities should be MS15-099, also rated a critical update. All versions of Office are impacted by this vulnerability which could allow a remote code execution if a user opens a malicious Office file. Excel for Mac and SharePoint Foundation and SharePoint Server 2013 could also be impacted. Critical rated MS15-094 will also need your attention this month – another cumulative update for IE. September’s update covers 12 CVEs for the popular browser. The most serious fix is for when a user visits a malicious webpage while using IE. Interestingly, MS15-095 addresses four of the same IE updates for Microsoft’s new browser, Edge. Hackers are indeed going after Edge users but only time will tell if it becomes a favorite attack avenue like IE. Either way, if you use Windows 10, patch this one right away. And speaking of Windows 10, if you’re a user, Microsoft has rolled all of the applicable security updates into one cumulative update. Check out Knowledge Base Article 3081445 which is set to go live later today (at the time of this writing). Microsoft continues to fine tune this update process for enterprise users. Somewhat surprisingly, there is no update this month (at least so far) for Adobe Flash. But don’t get too excited, one was put out today for Shockwave. If you use Shockwave Player, you’ll want to update with APSB15-22.
Posted in Patch Tuesday, Unified Endpoint ManagementTagged