Microsoft Patch Tuesday Update Plugs FREAK Vulnerability, Stuxnet Security Flaw, And More

Microsoft has released a bundle of security updates as part of Patch Tuesday. The updates are meant to fix more than three dozen vulnerabilities found in Windows.

Key items on the list include a security bulletin summary with entries arranged according to severity, an exploitability assessment of the addressed vulnerabilities, a table listing the bulletins in order of software category, and detection and deployment tools and guidance.

The security bulletins address a number of vulnerabilities found in both the server and consumer editions of Windows, Exchange Server, SharePoint Server, Office, and Internet Explorer. Five of the bulletins have been classified as critical, which calls for administrators to apply them as soon as possible.

One of these five critical bulletins includes the latest Internet Explorer rollup and a patch for the FREAK attack. Discovered only recently, FREAK (Factoring attack on RSA-EXPORT keys) allows an attacker to intercept SSL (Secure Sockets Layer) encrypted traffic as it moves between clients and servers. The attacker could then use the flaw to access and even change communications between the parties involved without their knowledge. Microsoft has provided a fix for the SSL implementation in its own software with MS15-031.

MS15-020 is regarded as the highest-profile bulletin. It deals with some of the issues left by the Stuxnet patch (CVE-2010-2568) when it was originally released back in August 2010. At least two remote code execution vulnerabilities are covered in the bulletin. One patch fixes the issue with Windows Text Services. The other addresses the way Windows handles the loading of DLL files.

"The security update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory, by modifying how the VBScript scripting engine handles objects in memory, by helping to ensure that cross-domain policies are properly enforced in Internet Explorer, and by adding additional permission validations to Internet Explorer," said Microsoft.

In February, Microsoft also discussed in a blog post the release of an update to its Malicious Software Removal Tool, which was used to search for and remove Superfish, an adware program found to be factory-shipped with a number of Lenovo-made PCs. The adware has the same capacity to undermine SSL encryption, which was demonstrated by researcher Robert Graham.

Photo: Mike Mozart | Flickr

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.