Today Microsoft released 12 security updates, with four of them being marked as critical. Microsoft updates are labeled critical when the vulnerability could be exploited by a remote user to execute code on the attacked machine. Attackers do this by creating specially crafted web pages that exploit these vulnerabilities when a user visits them from a vulnerable version of Windows. Once the vulnerability is exploited, the attacker can execute commands that download and execute software on the affected machine.

These critical updates were for issues in Internet Explorer, Microsoft Edge, Windows Journal, and the Windows operating system. Three of the other 12 updates are rated as Important due to their ability to raise a local user's privileges in Windows, thus giving them more permissions to files or programs than they normally would have.

A detailed list of the patched vulnerabilities follows:

 

| Bulletin ID | Bulletin Title and Executive Summary | Maximum Severity Rating and Vulnerability Impact |
| --- | --- | --- |
| MS15-112 | Cumulative Security Update for Internet Explorer (3104517): This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | Critical, Remote Code Execution |
| MS15-113 | Cumulative Security Update for Microsoft Edge (3104519): This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | Critical, Remote Code Execution |
| MS15-114 | Security Update for Windows Journal to Address Remote Code Execution (3100213): This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | Critical, Remote Code Execution |
| MS15-115 | Security Update for Microsoft Windows to Address Remote Code Execution (3105864): This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or to visit an untrusted webpage that contains embedded fonts. | Critical, Remote Code Execution |
| MS15-116 | Security Update for Microsoft Office to Address Remote Code Execution (3104540): This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | Important, Remote Code Execution |
| MS15-117 | Security Update for NDIS to Address Elevation of Privilege (3101722): This security update resolves a vulnerability in Microsoft Windows NDIS. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application. | Important, Elevation of Privilege |
| MS15-118 | Security Update for .NET Framework to Address Elevation of Privilege (3104507): This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if an attacker convinces a user to navigate to a compromised website or open a link in a specially crafted email that is designed to inject client-side code into the user’s browser. | Important, Elevation of Privilege |
| MS15-119 | Security Update for Winsock to Address Elevation of Privilege (3104521): This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a target system and runs specially crafted code that is designed to exploit the vulnerability. | Important, Elevation of Privilege |
| MS15-120 | Security Update for IPSec to Address Denial of Service (3102939): This security update resolves a denial of service vulnerability in Microsoft Windows. An attacker who successfully exploited the vulnerability could cause the server to become nonresponsive. To exploit the vulnerability an attacker must have valid credentials. | Important, Denial of Service |
| MS15-121 | Security Update for Schannel to Address Spoofing (3081320): This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow spoofing if an attacker performs a man-in-the-middle (MiTM) attack between a client and a legitimate server. | Important, Spoofing |
| MS15-122 | Security Update for Kerberos to Address Security Feature Bypass (3105256): This security update resolves a security feature bypass in Microsoft Windows. An attacker could bypass Kerberos authentication on a target machine and decrypt drives protected by BitLocker. The bypass can be exploited only if the target system has BitLocker enabled without a PIN or USB key, the computer is domain-joined, and the attacker has physical access to the computer. | Important, Security Feature Bypass |
| MS15-123 | Security Update for Skype for Business and Microsoft Lync to Address Information Disclosure (3105872): This security update resolves a vulnerability in Skype for Business and Microsoft Lync. The vulnerability could allow information disclosure if an attacker invites a target user to an instant message session and then sends that user a message containing specially crafted JavaScript content. | Important, Information Disclosure |

 
