Microsoft released just six security bulletins for October's Patch Tuesday, but three are rated as critical, with one affecting all supported versions of the Windows operating system.
Administrators should concentrate on rolling out the patch for Microsoft Security Bulletin MS15-106, which details a critical vulnerability in Internet Explorer (IE) 7 through IE 11 on Windows Vista through Windows 10, security researchers said. The IE update addresses 15 vulnerabilities in total, nine of which are critical and could allow remote code execution if a user views a specially crafted webpage.
"I think the Internet Explorer update gets the highest priority just because of the total number of users having and using Internet Explorer on their systems," said Amol Sarwate, director of engineering for security vendor Qualys Inc., in Redwood City, Calif.
An Office exploit that deserves attention
While Microsoft rates its security bulletin MS15-110 as "important," some security firms would elevate it to critical status due to the number of users it can affect. The bulletin details vulnerabilities in Microsoft Office, which could allow a hacker to perform remote code execution.
"[I]f you read the bulletin, you'll find that five out of the six [issues] are remote code execution," said Wolfgang Kandek, CTO at Qualys. "That's the worst for us. This is what the attacker wants. He wants to send you, in this case, an Excel document, and you open it and code executes on your machine. Those really deserve a critical rating."
Other critical releases
The two other bulletins rated as critical also deal with remote code execution exploits.
The last critical update, MS15-109, touches all supported versions of Windows -- from Windows Vista to Windows 10 and the server editions in between -- where an attacker can use either a crafted email or website to exploit a vulnerability in the Windows shell to remotely execute code.
The other important patches
Microsoft also issued an important patch for the new Edge browser on Windows 10 systems that it lists under bulletin MS15-107. The fix prevents a hacker from gaining access to data on the affected machine.
The final bulletin, MS15-111, is rated important and concerns all supported versions of Windows, from Vista to Windows 10. The vulnerability could give a hacker system-level access if they have managed to log in to the system and run an exploit through a specially crafted application.
Further information on these bulletins can be found on the Microsoft Security Advisories and Bulletins site.