When it was announced that Microsoft Edge would replace Internet Explorer in Windows 10, a lot of members in the tech industry took notice. Internet Explorer has been, admittedly, a well-known target for vulnerabilities for years. We noted that in 2014 alone, a total of 243 memory corruption vulnerabilities in Internet Explorer were disclosed and patched.
But weeks after its official release, it seems like Microsoft Edge is still working out some kinks, as one of the “Critical” security updates for this month applies to the new browser. MS15-091 is a cumulative security update for Microsoft Edge. According to the bulletin, the update addresses vulnerabilities, the most severe of which could “allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.”
This month’s Patch Tuesday brings another cumulative security update for Internet Explorer (MS15-079). Like that of Microsoft Edge’s, the patch addresses vulnerabilities that could allow remote code execution. The two other “Critical” updates also involve remote code execution: one for Microsoft Office (MS15-081) and the other for a Microsoft graphics component (MS15-080). Aside from the four “Critical” vulnerabilities, this month’s Patch Tuesday has ten “Important” updates, bringing the total to fourteen for August.
Adobe has also released a security update (APSB15-19), which addresses vulnerabilities for Adobe Flash Player. According to the bulletin, the updates “address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.”
Users are strongly advised to update their software and systems with the latest patches from Microsoft and Adobe. For additional information on these security bulletins, visit our Threat Encyclopedia page.
Trend Micro solutions
Trend Micro Deep Security and Vulnerability Protection protect user systems from threats that may leverage these vulnerabilities with the following DPI rules:
- 1006624-Microsoft Office Component Use After Free Vulnerability (CVE-2015-1642)
- 1006928-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2442)
- 1006929-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2443)
- 1006930-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2444)
- 1006931-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2446)
- 1006932-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2448)
- 1006933-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2450)
- 1006934-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2451)
- 1006935-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2015-2452)
- 1006936-Microsoft Office Graphics Component Remote Code Execution Vulnerability (CVE-2015-2431)
- 1006937-Microsoft Office Memory Corruption Vulnerability (CVE-2015-2467)
- 1006938-Microsoft Office Memory Corruption Vulnerability (CVE-2015-2468)
- 1006939-Microsoft Office Memory Corruption Vulnerability (CVE-2015-2469)
- 1006940-Microsoft Office Integer Underflow Vulnerability (CVE-2015-2470)
- 1006941-Microsoft Office Memory Corruption Vulnerability (CVE-2015-2477)
- 1006944-Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2432)
- 1006945-Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2456)
- 1006946-Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2458)
- 1006947-Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2459)
- 1006948-Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2460)
- 1006949-Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2461)
- 1006950-Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2015-2462)
- 1006951-Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2463)
- 1006952-Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2464)
- 1006955-Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2435)
- 1006956-Microsoft Windows TrueType Font Parsing Vulnerability (CVE-2015-2455)
