Patch Tuesday July 2015: Microsoft issues 14 bulletins, Adobe Flash joins in

In the month of the company’s biggest software launch in quite some time, Microsoft has had a relatively quiet Patch Tuesday. With Adobe’s Flash getting all the attention, Microsoft quietly released 14 patches for an array of its products, including Microsoft Office and Windows itself. There were a total of 58 vulnerabilities addressed.

There are four releases dubbed critical and the additional ten are labeled as important. But let’s begin with roundup up the most detrimental patches.

Internet Explorer still causing problems

Internet Explorer was again a culprit in this month’s security witch hunt, with Microsoft addressing an issue that “could allow remote code execution if a user views a specially crafted webpage using Internet Explorer,” noted the bulletin.

“An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user.”

This is particularly pertinent for those running Internet Explorer 11, according to security firm Vectra. It’s especially important that users install this patch if this is the case.

Microsoft was quick to point out that those users with lower privileges on a system “could be less impacted than those who operate with administrative user rights,” which seems to be a common theme running through all Windows systems. This issue also extends through all versions of Internet Explorer, fixing 28 vulnerabilities in total.

Previously, Microsoft has suggested that users enable another account on a system upon installing Windows, and use it in favour of the administrator’s account. The latter leaves too many doors ajar should a system be compromised.

The other Windows issues

Other critical patches were issued filling holes that could lead to remote code executi0n on Windows, thanks to Remote Desktop Protocol, VBScript and Hyper-V libraries. The RDP issue affects Windows 7 and 8 machines while the latter affects all desktop OSes beyond Windows 8, including Server 2008 and newer.

Other patches includes fixes to Microsoft’s Office suite and other vulnerabilities in Windows.

Patch Tuesday July also marks the end of Windows Server 2003 support, so admins should think about moving up the Server ladder, so to speak.

Enter Flash Player

Perhaps the suite enjoying the most flak is Adobe’s Flash Player. After Facebook’s Alex Stamos’ remarks and Mozilla’s move to block the plugin on Firefox, the company has swiftly moved to mend its dying plugin.

BIG NEWS!! All versions of Flash are blocked by default in Firefox as of now. https://t.co/4SjVoqKPrR #tech #infosec pic.twitter.com/VRws3L0CBW

— Mark Schmidt (@MarkSchmidty) July 14, 2015

It has released a patched version of Flash that includes fixes for two new 0-Day holes. If you’re wondering if your version of Flash is out of date, you can get the latest build here.

Two days since Microsoft issued the updates, there seems to be no adverse affects caused, but if you happen to experience any issues, feel free to leave a comment below.

Feature image: Mike Mozart via Flickr