Microsoft has issued a fairly hefty Patch Tuesday update for November, with 12 updates that fix a total of 53 issues across all supported versions of Windows and Internet Explorer.
Four of the updates are rated as critical and eight as important. The updates bring the total number of patches issued by Microsoft in 2015 to 123, the biggest yearly total to date and still with one month to go.
Perhaps the most notable update is MS15-112, which contains 25 fixes for various versions of Internet Explorer from IE 7 through to IE 11, with the most serious of these flaws able to let hackers gain control of user machines.
“The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer,” Microsoft explained.
“An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user.”
Russ Ernst, director product management at Heat Software, said security staff should make this their top update priority, given IE’s huge user base.
“MS15-112 […] should be first on your list of updates to make this week. As always, IE remains a popular browser which also makes it a favourite threat vector.”
Another notable update is MS15-115, which contains fixes for all versions of Windows from Windows Vista through to Windows 10.
“The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or to visit an untrusted webpage that contains embedded fonts,” Microsoft said.
The remaining eight fixes are rated as important, and cover a raft of Microsoft tools, including Lync, Skype for Business, and Office.
Ernst from Heat said the good news for security teams is that there is no evidence of any of these flaws being exploited in the wild, but this was no reason to not act promptly.
"Microsoft has been very busy pushing out updates this year, as the bad guys get better. Patching is obviously paramount – it’s once again time to clear off the bad guys’ low-hanging fruit," he said.
Last month, numerous security experts told V3 they believe the patching culture that exists within the software world is unsustainable and firms churning out code need to get better at quality control to stop so many flaws being released in the wild.
Facebook and CVs. What could possibly go wrong?
OnePlus volte face will also enable users to opt-out of company's device data collection practice
Dorsey promises "more aggressive stance" on rules and enforcement
A team of US researchers have confirmed that an exploit can hack into any WPA-2 wireless network, but details are slim