Microsoft has issued 12 security fixes in the latest Patch Tuesday release to address problems in Windows, Office, the new Edge browser and the perennial favourite, Internet Explorer.
Four of the updates are rated critical and eight important. The critical updates affect Internet Explorer (MS15-094), Microsoft Edge (MS15-095), Microsoft Graphics Component (MS15-097) and Windows Journal (MS15-098).
The fix for the Edge browser is a cumulative update addressing several vulnerabilities, the most severe of which could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.
“An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user,” Microsoft explained.
The update is the second security overhaul for Edge after it was introduced with Windows 10 in July, suggesting that Microsoft hasn’t had much luck avoiding the same security problems as its first browser, IE.
The fixes listed for IE are rated critical for IE 7, IE 8, IE 9, IE 10 and IE 11 on Windows machines, and as moderate for the same versions on Windows servers.
The flaw also relates to the risk of remote code execution if a user views a specially crafted webpage using IE.
The critical flaw for Office relates to several versions of the tool, covering Office 2007, 2010, 2013 and 2013 RT. Meanwhile, it is rated as important for Excel for Mac 2011, Excel for Mac 2016, Microsoft SharePoint Foundation 2013 and SharePoint Server 2013.
Again the flaw relates to remote code execution and the risk of system privilege attacks.
The security community urged IT managers to pay the usual attention to the updates and ensure that they are installed where required, although Tyler Reguly, manager of security research at Tripwire, described it as a fairly "vanilla" month.
"There's nothing overly fancy or impressive that stands out in the list of updates. It's the usual flavour that we see month after month without anything exceptional or unique in the list," he said.
However, Tripwire security researcher Craig Young added that Edge and IE clearly have some of the same base systems in use, which researchers are becoming adept at finding.
"Looking at the four Edge vulnerabilities patched in August and the four memory corruption bugs addressed today, it is apparent that Edge and IE are at least sharing some libraries, if not more substantial components of the web rendering engine," he said.
"This would seem to reinforce the notion that original security research is still being performed first and foremost on the IE browser."
The fixes issued by Microsoft in September take the total number of updates in 2015 past the 100 mark.
Qualys chief technology officer Wolfgang Kandek said that Microsoft is now on track to reach around 150 updates before the year's end, higher than he had originally predicted.
Kandek attributed this high number, in part, to the release of new products, such as the Edge browser, but more to the rising awareness and focus on security in the technology market.
"The real reason for the rise in bulletins is probably the rising attention that computer security is getting, which makes looking at computer security issues a valid career choice for more and more professionals," he said.
"Recent data breaches at the US Office of Personnel Management, Target and Ashley Madison have shown that the vulnerabilities and the relative slowness in addressing them can have impacts beyond the financial realm."