Microsoft has issued the latest Patch Tuesday security release, including 11 fixes, four of which are labelled 'critical'.
The critical fixes relate to Windows, Office and, of course, Internet Explorer (IE), which is almost always included in these updates.
Microsoft explained in a bulletin on the latest fixes that the IE problems relate to a flaw that could allow remote code execution if a user visited a specially crafted webpage while using IE.
“An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user,” Microsoft explained.
“Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.”
This update is required for IE 6, IE 7, IE 8, IE 9, IE 10 and IE 11 on Windows machines and servers.
The Microsoft Office update addresses a similar problem and provides fixes for Word 2007, Word 2010, Office 2010 and Office Web Apps Server 2010.
The two further critical fixes relate to flaws in HTTP.sys and Microsoft Graphics Component in Windows.
The other fixes are all rated as 'important' and concern 'escalation of privileges' threats, the ability to bypass security features, unwanted information disclosure and denial of service.
Alan Bentley, senior vice president at Heat Software (formerly Lumension), said that organisations should focus first on the fix for Office.
“In terms of Microsoft prioritisation, start with MS15-033, as the critical bulletin addresses five CVEs [Common Vulnerabilities and Exposures] in Microsoft Office, including a fix of one zero-day vulnerability. CVE-2015-1641 is currently under attack on Word 2010,” he said.
"The full update addresses Word 2007, 2012 and Word for Mac 2011. If this vulnerability is not patched, attackers could gain full user rights if a malicious Office file is opened."
The release from Microsoft comes at the same time that Oracle released its quarterly fixes, addressing 98 flaws covering Oracle Hyperion, Oracle Enterprise Manager and Java, among others.