When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Microsoft fixes serious remote code execution and elevation of privilege exploits

Neowin · · Hot! with 4 comments

Microsoft has just released a cumulative update for Windows 10 Version 1511 (KB3140768), bringing Windows 10 to version 10586.164 and with that update are a large number of fixes for what appear to be very serious exploits, affecting a large number of Windows subsystems.

The security updates are listed at the bottom of this article, but to summarize the KB articles, it appears that there is an issue with how Windows handles objects in memory, allowing an attacker to gain administrative privileges over a system running any version of Windows from Windows Vista on. This attack can seemingly be delivered through a variety of channels, including applications, pdf files, Microsoft Office documents, USB drives, or even media files hosted on a website.

Because of the wide ranging nature of these fixes, and the public nature of them now that they have been released, it is highly recommended that everyone install these updates immediately to best protect themselves from malicious software. These patches also affect all versions of Windows currently supported.

  • Security Update for .NET Framework to Address Security Feature Bypass - Important
  • Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege - Important
  • Security Update for Windows USB Mass Storage Class Driver to Address Elevation of Privilege - Important
  • Security Update for Secondary Logon to Address Elevation of Privile - Important
  • Security Update for Microsoft Windows to Address Elevation of Privilege - Important
  • Security Update for Windows OLE to Address Remote Code Execution - Important
  • Security Update for Microsoft Office to Address Remote Code Execution - Important
  • Security Update for Microsoft Windows PDF Library to Address Remote Code Execution - Critical
  • Security Update for Windows Media to Address Remote Code Execution - Critical
  • Security Update for Graphic Fonts to Address Remote Code Execution - Critical
  • Security Update for Windows Library Loading to Address Remote Code Execution - Important

We have reached out to Microsoft and are waiting for a comment on the exploit or exploits that were patched.

Source: Microsoft Security Bulletin

Report a problem with article
Next Article

Microsoft Garage updates Hub Keyboard and Next Lock Screen with important fixes

A logo of Eclipse
Previous Article

Microsoft joins Eclipse Foundation and brings more tools to community

Join the conversation!

Login or Sign Up to read and post a comment.

4 Comments - Add comment