All Windows affected by critical security flaws

By

Patch pushed out to plug remote code execution.

Microsoft has issued a cumulative patch for a set of critical flaws affecting all supported versions of its Windows operating system, to protect against remote code execution flaw in its Internet Explorer web browser.

All Windows affected by critical security flaws

In its most recent monthly security bulletin, Microsoft revealed all supported versions of Windows after Vista - including the latest, Windows 10 - would need to apply the cumulative update.

Microsoft advised that flaws exist in how IE handles objects in memory, which if exploited, could allow an attacker to gain the same access rights as the user into their machine.

To exploit the flaw, an attacker would need to take advantage of compromised websites and websites that "accept or host user-provided content or advertisements", Microsoft said.

"The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer," it advised.

Microsoft Windows server software was also susceptible to the flaws, but less so thanks to its enhanced security mode.

Researchers from FireEye, HP, Trend Micro, and Verisign, among others, were recognised by Microsoft for discovering the flaw.

Microsoft's new Edge browser does not contain the same vulnerability, the company said.

The patch modifies how IE, JScript and VBScript handle objects in memory, and adds additional permission validations to IE, Microsoft said.

 

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
flawinternet explorersecuritysoftwarevulnerabilitywindows

Sponsored Whitepapers

Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
See everything. Do more.
See everything. Do more.

Events

Most Read Articles

NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul
CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'
Victoria's first government tech chief steps down

Victoria's first government tech chief steps down
SA Water plans 'once-in-a-generation' core technology uplift

SA Water plans 'once-in-a-generation' core technology uplift
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?