Microsoft Corporation (MSFT) Releases Five Critical Security Patches


Microsoft Corporation (NASDAQ:MSFT) finally sealed a vulnerability exploited by Stuxnet, that left machines exposed to exploitations since 2010, with the release of a patch on Patch Tuesday. The released Stuxnet Patch was part of 14 bulletins that were released by the Redmond-based company

Microsoft Corporation (NASDAQ:MSFT) ranks five of the released bulletins as critical, made of a roll up for Internet Explorer as well as a solution for a recently revealed FREAK attack. There was also good news with the addition of SHA-2 code signing support on Windows 7 and Windows Server 2008 R2 as current versions of the platform already have the support feature.

Stuxnet Patch

The Freak attack patch addresses forces that caused systems to downgrade the key length of an RSA key to a crackable 512 bits. Initially, it was believed that Freak was confined to SSL clients, but a warning was later issued about Shannel’s exposure.

However, the highest profile bulletin release has to be MS15-020 that solves issues accrued from the original Stuxnet patch CVE-2010-2568 as the patch covers two code execution vulnerabilities. One of the solutions will address how Windows handles the loading of DLL files, while the other one handles how Windows Text Services improperly handled objects in memory.

Internet Explorer Patch

Microsoft Corporation (NASDAQ:MSFT) has also addressed a number of memory corruption and elevation of privileges vulnerabilities in Internet Explorer with the release of the IE bulletin MS15-018. The fix modifies the way the browser hands objects in memory by essentially modifying how the VBScript scripting engine handles objects in memory.

Vulnerability on Windows VBScript Scripting engine that could lead to remote code execution was also patched with MS15-019. The Microsoft Corporation (NASDAQ:MSFT) Office also received a fix for a critical remote code execution vulnerability with Adobe Font also being patched by the critical bulletin MS15-021.

Critical RCE vulnerabilities are usually exploited online, by taking advantage of a flow in the way that a given driver improperly overwrites objects in memory. None of the vulnerabilities have been disclosed nor exploited in truth.

Viraj Shah

Viraj Shah has completed M.Com (Finance) and is currently pursuing his CFP. He tracks US markets along with other global markets like India very closely. He is very passionate about stocks, real estate, and technology. He also believes that money can always be made in the market.

You may also like...

Read previous post:
Citigroup Apple Pay
Apple Inc. Apple Pay Adds More Merchants As It Pursues 700,000 Locations

Apple Inc. (NASDAQ:AAPL)’s payment system, Apple Pay, continues to ramp up support, despite receiving resentment in its initial days, as...

Close