Microsoft has come upward up amongst its close of import Patch Tuesday for this year, addressing the lately disclosed critical the FREAK encryption-downgrade attack, in addition to a split upward five-year-old vulnerability leveraged past times infamous Stuxnet malware to infect Windows operating system.
Stuxnet malware, a sophisticated cyber-espionage malware allegedly developed past times the States Intelligence in addition to Israeli authorities together, was peculiarly designed to sabotage the Iranian nuclear facilities a few years ago. First uncovered inward 2010, Stuxnet targeted computers past times exploiting vulnerabilities inward Windows systems.
Thankfully, Microsoft has issued a spell to protect its Windows machines that convey been left vulnerable to Stuxnet in addition to other like attacks for the past times 5 years. The fixes are included inward MS15-020 which resolves Stuxnet issue.
The society has too issued an update that patches the FREAK encryption vulnerability inward its SSL/TSL implementation called Secure Channel (Schannel). The fixes for the vulnerability are included inward MS15-031.
As nosotros convey mentioned inward our previous report, FREAK — brusk for Factoring laid on on RSA-EXPORT Keys — was initially idea to endure associated amongst Apple's Safari in addition to Android's stock browsers, but it was flora to demeanour on Windows PCs equally well.
This decades-old FREAK vulnerability allows an assailant on your network to forcefulness the software using Schannel constituent such equally Internet Explorer to purpose weak encryption over the web, then that they tin easily decrypt the intercepted HTTPS connections.
Among these 2 critical issues, the society has too released a bunch of other updates. Microsoft's March 2015 Patch Tuesday update bundles a sum of fourteen security-related updates for 43 vulnerabilities affecting Internet Explorer, VBscript, Text Services, Adobe Font Drivers, in addition to Office.
- MS15-018 - Influenza A virus subtype H5N1 Cumulative Security Update, rated equally 'critical', affects all supported versions of Internet Explorer in addition to addresses a number of Memory Corruption vulnerabilities, 2 superlative of privilege vulnerabilities, in addition to a VBscript retention corruption vulnerability.
- MS15-019 - This update addresses a scripting vulnerability inward to a greater extent than or less older versions of Windows operating systems. The vulnerability doesn't demeanour on Windows vii in addition to afterward desktop versions.
- MS15-021 - It addresses 8 vulnerabilities inward the Adobe Font Driver components for Windows in addition to Windows Server exploitable through a malicious website or file. It is too rated 'critical' due to the possibility of remote code execution.
- MS15-022 - This update fixes iii unknown flaws inward Office document formats equally good equally multiple cross-site scripting (XSS) issues for SharePoint Server, in addition to applies to all supported versions of Microsoft Office, equally good equally the server-based Office Web Apps in addition to SharePoint Server products.
- MS15-023 - This bulletin, rated equally 'important', addresses iv vulnerabilities inward the Windows Kernel-Mode driver allowing superlative of privilege in addition to data disclosure attacks past times launching a specially-crafted application.
Rest of all, MS15-024, MS15-025, MS15-027, MS15-028, MS15-29 in addition to MS15-30, are rated equally 'important' in addition to affected Windows in addition to Windows Server. Microsoft is advising all its users in addition to administrators to install the novel updates equally before long equally possible.