Last updated at Thu, 20 Jul 2017 18:56:06 GMT
This month Microsoft has released 8 security bulletins, affecting all supported platforms through remote code execution and elevation of privilege. Of the 8 Microsoft security bulletins, two are critical. Both critical bulletins (MS15-056 and MS15-057) are phishing based attacks requiring execution of a specially crafted website or specially crafted Microsoft Office file. An escalation of privilege could be possible in Microsoft Exchange Server (MS15-064) by means of Server-Side Request Forgery (SSRF) [CVE-2015-1764] and Cross-site Request Forgery (CSRF) [CVE-2015-1771]; Administrators, be sure to patch your Exchange servers ASAP.
Accompanying Microsoft's patch updates, Adobe has also released a security update for Adobe Flash Player and AIR affecting Windows, Macintosh and Linux. These updates result in vulnerability fixes for 13 CVEs that could potentially enable an attacker to control affected systems.
Overall this is a pretty low key Patch Tuesday release. However, be vigilant that users are paying special attention to phishing attacks.
