Microsoft Patches 53 Critical Vulnerabilities in May's Patch Tuesday
Microsoft has issued a series of security updates to address critical vulnerabilities in its software. The patches, released on May's Patch Tuesday, bring the yearly total to 53. These updates include fixes for remote code execution (RCE) flaws in various Microsoft products and Adobe software.
Among the updates, MS15-043 addresses 22 CVEs in Internet Explorer, 14 of which are critical and allow RCE. Another patch, MS15-044, tackles two critical font vulnerabilities in the GDI+ library, affecting many Microsoft products and enabling RCE via malicious webpages or documents. Additionally, MS15-046 addresses RCE file format vulnerabilities in Word and Excel, with about 10% of targets opening malicious email attachments.
Windows Journal has six vulnerabilities, two of which are publicly known but not exploited. Microsoft advises users to patch these quickly. SharePoint also receives a fix for a potential RCE type vulnerability in MS15-047.
Adobe has addressed critical problems in Adobe Flash and Adobe Reader/Acrobat with advisories APSB15-09 and APSB15-10. These updates require user interaction to execute exploits.
According to the Verizon Data Breach Investigation Report from April 2015, 50% of newly exploited vulnerabilities are hit within two weeks. In 2014, only 5% of RCE type vulnerabilities in Microsoft software had working exploits.
With these updates, Microsoft and Adobe aim to protect users from potential security threats. It's crucial for users to apply these patches promptly to stay secure. The increasing pace of vulnerability exploitation underscores the importance of regular software updates.
