On Tuesday, Microsoft released a large number of security bulletins for newly discovered vulnerabilities.  All home & corporate users should promptly update their systems:




The updates from Microsoft for October are on the lighter side this month, at least in comparison with previous months. The company released six security bulletins – two critical – addressing 33 vulnerabilities in Internet Explorer, Windows, Office, JScript/VBScript, and the Edge browser. More than a third of these CVEs were reported through the HP ZDI program.

Similar to Adobe, none of these bugs are listed as being under active attack. Three of these bugs were publicly disclosed before the updates were available – one in the IE bulletin (CVE-2015-6056) and two in Windows Kernel (CVE-2015-2552 and -2553). Also note that for users of IE, both the MS15-106 and MS15-108 updates will need to be applied to be fully protected. If you need to prioritize testing, those would be a good first step. MS15-109 is the other critical bulletin for this month and should also receive special attention. While there is an update for the Edge browser this month, it is good to see the bugs addressed are much less severe than those fixed in IE.