Microsoft Squashes Five 0-Day Vulnerabilities In Latest Patch Tuesday Release

Windows 10
It's the second Tuesday of the month, so that can mean only one thing: Microsoft has some Windows security updates waiting for us. This month, the company has tackled a total of five "Critical" bugs, so it's highly recommended that every Windows user go and update whether you're at home managing one PC or in the enterprise managing thousands.

Security research firm Qualys encourages the same, as the entire update package eradicates five 0-day issues. In all, ten security updates were released affecting browsers, Office, GDI+, kernel drivers, the registry, messaging, and... of course, Adobe Flash.

The GDI+ vulnerability is particularly important as simply visiting a malicious webpage could result in someone being able to take complete control over the machine. The browser updates for Edge and Internet Explorer are not much better: both could lead to remote code execution.

Windows Update

Qualys relays information about the different ways Microsoft has begun issuing updates, although unless you're a system administrator of a big company, understanding the differences shouldn't matter that much. For those in the enterprise, Patch Tuesday will now represent the "rollup" of only security fixes, to reduce the chance of an issue popping up. For those in the home, the rollup will include those same fixes as well as all of the fixes from previous rollups.

On the third Tuesday of every month, another rollup will include a preview of non-security fixes that will be debuted the following month, for those who are running Preview builds. This is useful for those running such builds either for fun, or for advanced testing.

Overall, the entire security update package is fairly modest, but because the rollup involves five critical bugs being squashed, it's imperative to waste no time in updating.


Via:  Qualys
Show comments blog comments powered by Disqus