Microsoft has released its May 2015 Patch Tuesday update, comprising 13 security bulletins that address 48 security vulnerabilities in its products. 3 of the 13 security bulletins are rated ‘critical’, while the rest are rated ‘important’ in severity, and none of these vulnerabilities is being actively exploited at this time. Affected products include Internet Explorer (IE), current versions of Windows (and its components), Office, SharePoint Server, Silverlight and .NET Framework.
Security bulletins rated Critical:
MS15-043 – Cumulative security update for Internet Explorer that patches 22 separate flaws, including 14 memory corruption bugs. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
MS15-044 – Security update that patches two flaws in the OpenType and TrueType font rendering code that could be exploited in .NET Framework, Lync, Office, Windows, and Silverlight. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded TrueType fonts.
MS15-045 – Security update that patches six flaws in the Windows Journal program, which is installed by default in all supported client versions of Windows. All six flaws could allow remote code execution if a user opens a specially crafted Journal file.
Security bulletins rated Important:
MS15-046 – Fixes a pair of vulnerabilities in Office allowing remote code execution. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.
MS15-047 – Patches one remote code execution vulnerability in SharePoint. The vulnerability could allow remote code execution if an authenticated attacker sends specially crafted page content to a SharePoint server.
MS15-048 – Patches a pair of vulnerabilities in the .NET Framework allowing denial of service (DoS) and elevation of privilege. The most severe of the vulnerabilities could allow elevation of privilege if a user installs a specially crafted partial trust application.
MS15-049 – Fixes one elevation of privilege bug in Silverlight. The vulnerability could allow elevation of privilege if a specially crafted Silverlight application is run on an affected system.
MS15-050 – Fixes one elevation of privilege flaw in the Windows Service Control Manager (SCM), caused when the SCM improperly verifies impersonation levels.
MS15-051 – Patches six vulnerabilities in the Windows Kernel allowing information disclosure and elevation of privilege. The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on locally and runs arbitrary code in kernel mode.
MS15-052 – Fixes one security feature bypass flaw in the Windows Kernel. The vulnerability could allow security feature bypass if an attacker logs on to an affected system and runs a specially crafted application.
MS15-053 – Patches a pair of ASLR security feature bypass vulnerabilities in the JScript and VBScript scripting engines.
MS15-054 – Fixes one denial of service (DoS) bug in the Microsoft Management Console. The vulnerability could allow denial of service if a remote, unauthenticated attacker convinces a user to open a share containing a specially crafted .msc file.
MS15-055 – Patches one vulnerability in Schannel allowing information disclosure. The vulnerability could allow information disclosure when Secure Channel (Schannel) allows the use of a weak Diffie-Hellman ephemeral (DHE) key length of 512 bits in an encrypted TLS session.
Microsoft advised users to test and install the May 2015 security updates as soon as possible.
Source: Microsoft Security Bulletin Summary for May 2015