Microsoft has issued its final Patch Tuesday update of 2015, taking the total number of security fixes for the year to 135. This is well in excess of the 85 issued in 2014.
The December update contained 12 fixes, eight of which are rated critical while the other four are rated as important.
The critical fixes relate to key Microsoft products including Internet Explorer, its new Edge browser, the Silverlight video player and issues within Windows, as well as Skype for Business and Lync. The four important fixes all relate to Windows.
The MS15-124 fix for Internet Explorer is a cumulative update for the browser, fixing several issues. Microsoft said the most severe of these could allow remote code execution if a user visits a specifically crafted web page in IE. The Edge update fixes the same problem.
“An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user,” explains Microsoft in its notes.
Meanwhile, the MS15-128 fix covers similar issues in Microsoft Windows, .NET Framework, Microsoft Office, Skype for Business, Microsoft Lync and Silverlight.
“The vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a web page that contains specially crafted embedded fonts," Microsoft's notes explain.
One other notable fix is MS15-135, which, while only rated as important, is the issue that Qualys CTO Wolfgang Kandek said businesses should focus on first, as it addresses a zero-day vulnerability within the Windows kernel.
“There is no further information about how widely spread the vulnerability and its exploit are, but it is worth a top spot in our priority list," he said.
Another fix Kandek said IT admins should focus on is MS15-131, which covers an issue within Microsoft Office and is rated as critical.
"CVE-2015-6172 is a critical vulnerability in Outlook that is triggered by a maliciously formatted email message," he said.
"There is no reasonable workaround: Microsoft suggests turning off the preview pane - the digital equivalent of 'Just don’t do it', so patch this vulnerability as soon as possible."
Kandek also said that while part of the increase in vulnerabilities found and fixed in 2015 can be attributed to the release of new products, such as Windows 10 and its Edge browser, the focus on finding security issues is also growing.
“The majority of the increase is due to new parts of the Windows ecosystem that are being investigated for the first time, a tendency that shows how much more important computer security has become over the years," he said.
Deal intended to help organisations chip away at their unstructured data
Nvidia takes aim at organisations looking to incorporate AI and VR
Cook told Apple staff in an email that "hate is a cancer"
Galaxy Note 8 will offer IP68 certification, a Samsung Exynos 8895 CPU, 6GB of RAM, 64GB of storage and IP68 certification