All versions of Windows affected by critical security flaw

[Karamjit]

Even Windows 10 wasn't left out of the trifecta of monthly security patches

Microsoft has issued a "critical" patch for every supported version of Windows.

The software giant said in its monthly security bulletin as part of its so-called Patch Tuesday that Windows Vista and later, including Windows 10, require patching from a serious remote code execution flaw in Internet Explorer.

Microsoft's Edge browser is unaffected by the flaw.

The patch, MS15-106, addresses a flaw in how Internet Explorer handles objects in memory, the company said in its advisory. If exploited, an attacker could gain access to an affected machine, gaining the same access rights as the logged-in user, such as installing programs, and deleting data.

An attacker would have to "take advantage of compromised websites, and websites that accept or host user-provided content or advertisements," said the advisory.

"These websites could contain specially crafted content that could exploit the vulnerabilities."

Windows server systems are also at risk, but its enhanced security mode helps to mitigate the vulnerability.

The software giant acknowledged researchers from FireEye, HP's Zero Day Initiative, Trend Micro, and Verisign, among others, for their work in discovering the flaw.

Two other patches, MS15-108 and MS15-109, address other critical vulnerabilities in Windows.

Microsoft also released three other patches -- MS15-107, MS15-110, and MS15-111 -- for "important" issues.

October's patches will be available through the usual update channels.

Source

[straycat19]

same access rights as the logged-in user, such as installing programs, and deleting data.

If you use any rights above 'user' for your normal computing, and you allow user to do anything but run installed programs then you get everything you deserve. As I have stated before, I turned off updates in June when microsoft started adding 'telemetry' to all versions. My system is stable and secure.