Microsoft's May "Patch Wednesday" round of security updates covers 48 flaws, several which address vulnerabilities in Windows and other software that allow remote code execution.
Three security bulletins are rated as "critical" by Microsoft. MS15-045 covers six vulnerabilities in the Windows Journal note taking application that can be exploited for remote code execution by attackers sending specially crafted .jnt files for victims to open.
All current desktop versions of the Windows operating system are vulnerable to MS15-045. Windows Server in its default configuration isn't, but is affected by the flaw if the Desktop Experience package is installed, Microsoft advised. There is currently no indication that the vulnerability is being exploited.
Internet Explorer versions 6 to 11 receive fixes for 22 vulnerabilities (MS15-043) that include memory corruption, bypassing memory address space layout randomisation, privilege escalation and data leaks. Some of the vulnerabilities can be exploited remotely.
TrueType and OpenType font parsing in Microsoft Office, Lync, and the .NET framework contain a critical vulnerability that attackers could exploit through luring users to visit malicious websites or by serving them booby-trapped advertisements.
The vulnerability stems from how the DirectWrite library in Windows handles TrueType and OpenType fonts; there is no indication that the flaw is being exploited in the wild.
A further ten security bulletins covering 18 vulnerabilities in Windows and Microsoft applications are listed as "important" by Microsoft.
- MS15-046: two memory corruption vulnerabilites in Microsoft Office allow remote code execution.
- MS15-047: SharePoint Server 2007 Service Pack 3, 2010 SP2, and 2013 SP1 contain a flaw that allows authenticated users to send specially crafted content and remotely execute code.
- MS15-048: Addresses denial of sevice, privilege escalation issues in .NET.
- MS15-049: Attackers can craft malicious SilverLight 5 executables for privilege escalation.
- MS15-050: Service Control Manager allows privilege escalation.
- MS15-051: Multiple versions of Windows contain information, privilege escalation and arbitrary code execution vulnerabilities associated with kernel-mode drivers.
- MS15-052: The kernel in Windows 8.x, Windows Server 2012/2012 R2 and Windows RT and RT 8.1 allows security feature bypass.
- MS15-053: JScript and VBScript in several versions of Windows allows security bypass through Internet Explorer that removes ASLR.
- MS15-054: Microsoft Management Console in Vista and newer versions of Windows are vulnerable to denial of service attacks through malicious .msc files.
- MS15-055: Secure Channel, used for encrypted communications in Windows, can leak information if attackers succeed in reducing Diffie-Hellman encoding keys to a weak 512 bytes strength in encrypted Transport Layer Security sesssions.
Updates will be delivered to users automatically via Windows Update.