MICROSOFT IS GIVING users a bit of a break this month with a much lighter Patch Tuesday load than in recent times.
There are just eight fixes in the Microsoft Security Bulletin Summary for June 2015, only two of which are marked critical.
MS15-056 is the monthly Cumulative Security Update for Internet Explorer. There's 20 fixes here, a lot of them as a result of HP's Zero Day Initiative.
MS15-057 is a bit rare - a vulnerability in Windows Media Player that could allow remote code execution.
MS15-059 is for Microsoft Office 2010 and 2013 and fixes two Project Zero finds.
MS15-060 fixes a remote code vulnerability in Windows.
MS15-061 has 11 fixes for Windows kernel vulnerabilities. Seven were reported by Project Zero, but were fixed before Judge Google laid down some justice.
MS15-062 is for servers running Active Directory Federation Services.
MS15-063 covers another kernel vulnerability that could lead to elevation of privileges.
MS15-064 fixes an elevation of privilege issue with Microsoft Exchange Server.
Did you spot it? That's right. There's no MS15-058. We don't know why this is. Perhaps something was pulled at the last minute, or perhaps there's an out-of-band coming up.
Chris Goettl, product manager at Shavlik, agreed with this explanation. He also warned that the announcement of these problems means it's time to act quickly.
"Microsoft has released eight bulletins aside from MS15-058. Two of these are rated as critical. There are also two public disclosures and one vulnerability currently reported in an exploit in the wild," he said.
"Keep in mind: a vulnerability that has been publicly disclosed will have an increased risk of being exploited."
Goettl also looked beyond Windows, pointing out that there is a Priority 1 update for Flash and AIR available from Adobe coded APSB15-11 and containing 13 fixes.
We reported yesterday that Flash malware jumped 317 percent during the first quarter of 2015, according to security firm McAfee.
This is the penultimate Patch Tuesday before the arrival of Windows 10, which moves to a 24/7 automated patching system.
This will see the end of Patch Tuesday, but not until Windows 8.1 reaches end of life in 2023, by which time viruses will have evolved to be so large that you'll just be able to hit them with a snooker ball in a sock. µ
Windows 10, 64-bit OS devices susceptible to rootkit attack
Malware suite likened to Stuxnet worm
Not the biggest fish out there
Redmond says figure is closer to the five million mark