Microsoft has issued 12 security fixes in the latest Patch Tuesday release to address problems in Windows, Office, the new Edge browser and the perennial favourite, Internet Explorer.
Four of the updates are rated critical and eight important. The critical updates affect Internet Explorer (MS15-094), Microsoft Edge (MS15-095), Microsoft Graphics Component (MS15-097) and Windows Journal (MS15-098).
The fix for the Edge browser is a cumulative update addressing several vulnerabilities, the most severe of which could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.
“An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user,” Microsoft explained.
The update is the second security overhaul for Edge after it was introduced with Windows 10 in July, suggesting that Microsoft hasn’t had much luck avoiding the same security problems as its first browser, IE.
The fixes listed for IE are rated critical for IE 7, IE 8, IE 9, IE 10 and IE 11 on Windows machines, and as moderate for the same versions on Windows servers.
The flaw also relates to the risk of remote code execution if a user views a specially crafted webpage using IE.
The critical flaw for Office relates to several versions of the tool, covering Office 2007, 2010, 2013 and 2013 RT. Meanwhile, it is rated as important for Excel for Mac 2011, Excel for Mac 2016, Microsoft SharePoint Foundation 2013 and SharePoint Server 2013.
Again the flaw relates to remote code execution and the risk of system privilege attacks.
The security community urged IT managers to pay the usual attention to the updates and ensure that they are installed where required, although Tyler Reguly, manager of security research at Tripwire, described it as a fairly "vanilla" month.
"There's nothing overly fancy or impressive that stands out in the list of updates. It's the usual flavour that we see month after month without anything exceptional or unique in the list," he said.
However, Tripwire security researcher Craig Young added that Edge and IE clearly have some of the same base systems in use, which researchers are becoming adept at finding.
"Looking at the four Edge vulnerabilities patched in August and the four memory corruption bugs addressed today, it is apparent that Edge and IE are at least sharing some libraries, if not more substantial components of the web rendering engine," he said.
"This would seem to reinforce the notion that original security research is still being performed first and foremost on the IE browser."
The fixes issued by Microsoft in September take the total number of updates in 2015 past the 100 mark.
Qualys chief technology officer Wolfgang Kandek said that Microsoft is now on track to reach around 150 updates before the year's end, higher than he had originally predicted.
Kandek attributed this high number, in part, to the release of new products, such as the Edge browser, but more to the rising awareness and focus on security in the technology market.
"The real reason for the rise in bulletins is probably the rising attention that computer security is getting, which makes looking at computer security issues a valid career choice for more and more professionals," he said.
"Recent data breaches at the US Office of Personnel Management, Target and Ashley Madison have shown that the vulnerabilities and the relative slowness in addressing them can have impacts beyond the financial realm."