Microsoft has issued a fairly hefty Patch Tuesday update for November, with 12 updates that fix a total of 53 issues across all supported versions of Windows and Internet Explorer.
Four of the updates are rated as critical and eight as important. The updates bring the total number of patches issued by Microsoft in 2015 to 123, the biggest yearly total to date and still with one month to go.
Perhaps the most notable update is MS15-112, which contains 25 fixes for various versions of Internet Explorer from IE 7 through to IE 11, with the most serious of these flaws able to let hackers gain control of user machines.
“The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer,” Microsoft explained.
“An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user.”
Russ Ernst, director of product management at Heat Software, said security staff should make this their top update priority, given IE’s huge user base.
“MS15-112 […] should be first on your list of updates to make this week. As always, IE remains a popular browser which also makes it a favourite threat vector.”
Another notable update is MS15-115, which contains fixes for all versions of Windows from Windows Vista through to Windows 10.
“The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or to visit an untrusted webpage that contains embedded fonts,” Microsoft said.
The remaining eight fixes are rated as important, and cover a raft of Microsoft tools, including Lync, Skype for Business, and Office.
Ernst from Heat said the good news for security teams is that there is no evidence of any of these flaws being exploited in the wild, but this was no reason to not act promptly.
“Microsoft has been very busy pushing out updates this year, as the bad guys get better. Patching is obviously paramount – it’s once again time to clear off the bad guys’ low-hanging fruit,” he said.
Last month, numerous security experts told V3 they believe the patching culture that exists within the software world is unsustainable and firms churning out code need to get better at quality control to stop so many flaws being released in the wild.