This month is dominated by remote code execution vulnerabilities enabling information disclosure if a user opens/visits specifically crafted content. The vulnerabilities affect Internet Explorer, Edge, Windows Shell and Microsoft Office. It is advisable for users and administrators to patch the affected platforms.

Microsoft includes 6 security bulletins, half of which are rated critical, resolving a total of 19 vulnerabilities. All of the critical bulletins (MS15-106, MS15-108, MS15-109) are remote code execution issues affecting Internet Explorer, Edge, VBScript & JScript Engines, Windows Shell, Office, Office Services and Apps as well as Microsoft Server Software.

MS15-106 is the bulletin to watch out for this month. It is rated Critical for Internet Explorer 7 - 11 on Windows clients and Moderate for Internet Explorer 7 - 11 on Windows servers. If a user views a maliciously crafted webpage using Internet Explorer, an attacker could gain the same rights as the current user. Users with administrative rights beware.

Users should always be wary of untrusted sources as maliciously crafted content could disclose personal/sensitive information. Your best protection against these threats is to patch as quickly as possible.

Vulnerability Reference: