All Windows affected by critical security flaws

Patch pushed out to plug remote code execution.

Microsoft has issued a cumulative patch for a set of critical flaws affecting all supported versions of its Windows operating system, to protect against a remote code execution flaw in its Internet Explorer web browser.

In its most recent monthly security bulletin, Microsoft revealed all supported versions of Windows after Vista - including the latest, Windows 10 - would need to apply the cumulative update.

Microsoft advised that flaws exist in how IE handles objects in memory, which, if exploited, could allow an attacker to gain the same access rights as the user on their machine.

To exploit the flaw, an attacker would need to take advantage of compromised websites and websites that "accept or host user-provided content or advertisements", Microsoft said.

"The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer," it advised.

Microsoft Windows server software was also susceptible to the flaws, but less so thanks to its enhanced security mode.

Researchers from FireEye, HP, Trend Micro, and Verisign, among others, were recognised by Microsoft for discovering the flaw.

Microsoft's new Edge browser does not contain the same vulnerability, the company said.

The patch modifies how IE, JScript and VBScript handle objects in memory, and adds additional permission validations to IE, Microsoft said.

