All versions of Windows affected by critical security flaw

Even Windows 10 wasn't left out of the trifecta of monthly security patches.

Microsoft has issued a "critical" patch for every supported version of Windows.

The software giant said in its monthly security bulletin as part of its so-called Patch Tuesday that Windows Vista and later, including Windows 10, require patching from a serious remote code execution flaw in Internet Explorer.

A problem-solving approach IT workers should learn from robotics engineers

Sometimes the most profound solution is to change the entire problem.

Microsoft's Edge browser is unaffected by the flaw.

The patch, MS15-106, addresses a flaw in how Internet Explorer handles objects in memory, the company said in its advisory. If exploited, an attacker could gain access to an affected machine, gaining the same access rights as the logged-in user, such as installing programs, and deleting data.

An attacker would have to "take advantage of compromised websites, and websites that accept or host user-provided content or advertisements," said the advisory. "These websites could contain specially crafted content that could exploit the vulnerabilities."

Windows server systems are also at risk, but its enhanced security mode helps to mitigate the vulnerability.

The software giant acknowledged researchers from FireEye, HP's Zero Day Initiative, Trend Micro, and Verisign, among others, for their work in discovering the flaw.

Two other patches, MS15-108 and MS15-109, address other critical vulnerabilities in Windows.

Microsoft also released three other patches -- MS15-107, MS15-110, and MS15-111 -- for "important" issues.

October's patches will be available through the usual update channels.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All
See All