Microsoft fixes four critical security flaws in August's Patch Tuesday

Even Windows 10 wasn't left out of this month's bumper round of security updates.

It turns out there are three things certain in life: Death, taxes, and software patches.

In Microsoft's scheduled monthly round of security fixes, even the company's newest operating system, Windows 10, wasn't let off the hook.

For this month's so-called Patch Tuesday, the company has issued 14 bulletins fixing almost five-dozen separate vulnerabilities in Windows, Windows Server, Internet Explorer, and Office, among other products.

Here's the rundown for the most critical flaws:

MS15-079 fixes a series of memory corruption flaws in all supported versions of Internet Explorer. If an affected user visits a specially-crafted webpage, an attacker could gain the same user privileges as the user. Those running as an administrator would be most affected by the flaw.

MS15-080 resolves vulnerabilities in Microsoft Lync, Silverlight, and .NET Framework, which could allow an attacker to run malicious code by tricking a user into opening a webpage or document containing embedded TrueType or OpenType fonts. The attacker would be able to install programs, view and delete data, and create new user accounts with full administrative rights.

MS15-081 fixes vulnerabilities in Office, which would allow an attacker to remotely run code as the logged-in user if a malicious file was opened. Administrative users are most affected by this bulletin.

MS15-091 affects Windows 10's newest browser, Edge. An attacker could run malicious code on an affected machine if a user visits a specially-crafted webpage, allowing access at the logged-in user level.

ZDNet's Mary Jo Foley reports additional non-security fixes, for performance and functionality, have also landed in Windows 10.

Other releases, from MS15-082 through to MS15-090 and including MS15-092, are all rated "important," affecting Windows, Windows Server, and Office.

The software giant acknowledged researchers from HP's Zero Day Initiative, VeriSign, Google's Project Zero, and Trend Micro, among others, for their security work and research.

August's patches will be available through the usual update channels.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All