During March's Patch Tuesday, Microsoft released 14 updates to address a total of 45 vulnerabilities affecting Windows, Internet Explorer, Office and Microsoft Exchange. April is a little lighter, but there is no real respite.
This month there are eleven updates addressing a total of 26 security vulnerabilities. The affected products are Windows, Internet Explorer, Office and .NET. Four of the updates are considered critical.
The most critical of all is MS15-033, because this Office update patches a publicly disclosed vulnerability (remote memory corruption) for which exploitation has been detected. These are limited attacks targeting Word 2010, but MS15-033 also applies to other versions of Office.
MS15-032 is a critical update for Internet Explorer that fixes ten vulnerabilities. All versions of the browser are affected. The flaws are of the remote code execution type, and almost all of them were reported confidentially by HP's Zero Day Initiative, the sponsor of the Pwn2Own hacking contest.
All versions of Windows receive the critical update MS15-035, which corrects a vulnerability in the Microsoft Graphics component. The problem lies in the way Windows processes certain specially crafted files in the EMF (Enhanced Metafile) image format. Although the update is rated critical, exploiting this remote code execution vulnerability does not seem straightforward.
The last critical update is MS15-034, which fixes an HTTP.sys vulnerability that could allow remote code execution when an attacker sends a specially crafted HTTP request (a rather vague description). Although there is no exploit in the wild, exploitation is considered probable. The fix is therefore necessary for Windows 7 and 8, and Windows Server 2008 R2 and 2012.
All that remains is to patch …