Microsoft's monthly release of security updates arrived today, right on schedule. The June 2015 list contains eight items, with two of them rated Critical. That has to be good news for IT pros who've struggled with an abundance of updates in recent months.
There's even better news for anyone running Windows 8.1 or Windows 10, because one of those two Critical security updates applies only to Windows 7 and earlier versions.
This is the mercifully short list of updates in the Important category on a system running Windows 8.1 with Office 365.
MS15-056 is the monthly Cumulative Security Update for Internet Explorer (3058515). It includes fixes for more than 20 newly reported vulnerabilities, many of them from HP's Zero Day Initiative, and should be considered a mandatory update on any system, desktop or server, running any modern version of Windows.
Four of the remaining six updates affect Windows. The most interesting is MS15-061, which includes fixes for 11 Windows kernel vulnerabilities. Of that total, seven were reported as part of Google Project Zero and apparently fixed before Google's automatic disclosure was triggered.
There's also one mystery in this month's list. Microsoft reserved nine numbers for its June 2015 bulletins, but MS15-058 is nowhere to be found, and its associated Knowledge Base page contains placeholder text. That strongly suggests an update was pulled at the very last minute.
As usual, the Patch Tuesday delivery also includes a number of Recommended updates, which will be installed automatically if that option is enabled in Windows Update. Besides the monthly compatibility update, most are fixes for relatively obscure bugs.
Maybe this month's light load is a sign that this will be a quiet summer for anyone involved in IT security. One can dream, right?
Hacking vulnerabilities with the Internet of Things: Risks and security loopholes