Microsoft issues 14 security fixes in July's Patch Tuesday

Microsoft's monthly release of patches includes security fixes for dozens of vulnerabilities.
Written by Zack Whittaker, Contributor

Another day, another round of security fixes. And it's not even the first round of the day, if you count Adobe's latest release.

In Microsoft's round of updates for July, the company has issued 14 bulletins fixing dozens of vulnerabilities in many Microsoft products, including Windows and Office.

Three of the bulletins -- specifically MS15-065 for Internet Explorer, MS15-070 for Microsoft Office, and MS15-077 for Windows -- are being actively exploited by hackers, said HP's Dustin Childs in a tweet.

Here's the rundown of the most critical flaws:

MS15-065 addresses 28 vulnerabilities in versions of Internet Explorer 6 and later. This bulletin includes a slew of fixes, including "critical" vulnerabilities. It's thought that this also fixes a flaw exposed by the Hacking Team data breach.

MS15-066 is also rated "critical," and affects the VBScript engine in Windows Server 2003, Windows Server 2008, and Windows Vista. If a user visits a malware-ridden website, hackers can take over a machine with the same privileges as the logged-in user.

MS15-067 exists in Windows 7 and Windows 8, targeting the Remote Desktop Protocol (RDP). Users should install this patch immediately.

MS15-068 affects Windows users running Hyper-V, and can be used to install malware or other applications on a guest virtual machine. An attacker must have valid logon credentials for a guest virtual machine to exploit this vulnerability, however. This flaw affects Windows 8, Windows 8.1, and versions of Windows Server 2008 and later.

Other releases, from MS15-069 through to MS15-077, are all rated "important," and affect versions of both Windows and Office.

It's worth noting that MS15-058 was also fixed in this release, after it was unexpectedly left off the Patch Tuesday list for June. It affects versions of SQL Server 2008 and later.

A list of acknowledgements includes researchers from Google's Project Zero, HP's Zero Day Initiative, and Trend Micro, among others.

All of the aforementioned updates are worth applying as soon as possible through the usual update channels.

Correction: An earlier version of this post misattributed Childs' current employment. A former Microsoft staffer, he currently works for HP's Zero Day Initiative.

Editorial standards