Microsoft has rolled out July’s Patch Tuesday update with 14 bulletins that lists four patches as critical and 10 as important, among which three bulletins are reportedly being actively exploited by hackers.
MS15-065, one of the critical patches resolves 28 flaws in Internet Explorer (versions - IE 6 and later), is the big update that fixes remote code execution flaws that can give hackers the same privileges as the current users in the Internet Explorer, when exploited using a compromised webpage.
“The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user,” read the Security Bulletin Summary.
Another critical patch MS15-066 that affects the VBScript engine in Windows Server 2003, Windows Server 2008, and Windows Vista, can lead to hackers taking over the computer with privileges similar to the logged-in user, when a malware-ridden website is visited.
The other two critical bulletins - MS15-067 targets Remote Desktop Protocol in Windows 7, 8 and requires immediate installation, and MS15-068 affects users running Hyper-V in Windows 8, Windows 8.1 and Windows Server 2008 and later versions.
MS15-058 flaw that was skipped by Microsoft in June Patch Tuesday update, was also fixed in this release. The bulletin is listed as important and addresses the vulnerabilities in SQL Server that can allow remote code execution.
The other patches - MS15-069 to MS15-077, rated as important by the company affects Windows and Microsoft Office.
Microsoft has also announced that this is the last Patch Tuesday update for Windows Server 2003 and that there will no future updates or security fixes for the server, Softpedia reported.
Users of Windows Server 2003 are asked to upgrade their servers soon to receive continued support from the Redmond company.