8/12/2015
01:30 PM

Windows 10 Gets Patch Tuesday Treatment, With 4 Critical Bugs Fixed

Office, Edge, Internet Explorer, and graphics components all ripe for remote code execution.



Microsoft's Patch Tuesday for August included four critical remote code execution vulnerabilities, some of which impact the new Windows 10 operating system.

Two of the bugs are in Windows browsers -- one in Internet Explorer and one in the new Microsoft Edge browser -- and both allow remote code execution if a user views a specially crafted webpage.

Another is in Microsoft graphics components, and could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded TrueType or OpenType fonts. (Last month, Microsoft released an out-of-band patch for a zero-day vulnerability revealed in the leaked Hacking Team files that was also related to embedded OpenType fonts; that bug was in the Microsoft fonts driver.)

The last critical vulnerability in this month's Patch Tuesday is in Microsoft Office. An attacker could compromise the user via a malicious Office file, conduct remote code execution and run arbitrary code in the context of the current user.

Fourteen vulnerabilities were patched, in all. The full details are available here

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Copyright © 2019 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service