Microsoft issues critical fixes for Windows and IE in July Patch Tuesday release

Microsoft has released 14 security fixes for its July Patch Tuesday update including several for Windows and Internet Explorer (IE).

Four of the fixes in the Microsoft July 2015 Patch Tuesday update are marked 'critical' and resolve gaps that are currently open to exploitation by hackers.

One of the most notable fixes is the MS15-065 bulletin that patches a flaw that could allow remote code execution if a user visits a specially crafted website using IE, and affects all versions from IE 6 to 11.

"An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user," explained the advisory.

Meanwhile MS15-066 fixes vulnerabilities in the VBScript scripting engine and affects Windows 2003, Vista and Server 2008.

Another critical patch, MS15-067, contains an array of fixes for Windows, including a vulnerability in Remote Desktop Protocol that could result in remote code execution.

Craig Young, a security researcher at Tripwire, stressed the importance of the MS15-067 fix.

"This should definitely be on the top of everyone's install list. Although Microsoft says that code execution is tricky, there are a lot of smart people out there and I'm sure it won't be long before proof-of-concept code starts floating around," he said.

The last critical update, MS15-068, is for Windows versions 8 and 8.1 and versions of Windows Server 2008 and later. It patches a gap in Hyper-V that could allow remote code execution.

"An attacker must have valid log-on credentials for a guest virtual machine to exploit this vulnerability," said Microsoft.

The remaining 10 patches are all marked 'important' and fix gaps in Windows, SQL Server and Microsoft Office.

Dustin Childs, information security expert at HP, confirmed that three of the flaws are actively being exploited.

Additional Info

  • Origin: GhAgent