First Patch Tuesday Targets Windows 10 OS

Nearly half of its 14 security bulletins that Microsoft released on Patch Tuesday are for vulnerabilities in its new Windows 10 OS.

Two of the four “critical” vulnerabilities impact Windows, while one primarily affects the company's Office offerings. The worst vulnerability has to do with a remote hack if the user opens a specially crafted Microsoft Office file.

“An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user,” Microsoft wrote. “Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.”

The last critical fix addresses vulnerabilities in Microsoft's new Edge browser that relate to three of the same RCE vulnerabilities in the prior bulletin.

This is the first patch cycle since Windows 10 has been released. The remaining 10 vulnerabilities were rated with “important” severity, meaning the patched bugs could, if left unfixed, compromise the “confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources."

Source: SCMagazine