Released almost two weeks ago, the new Windows 10 operating system already has its first set of security patches.
For August, Microsoft’s monthly round of security patches contains five bulletins that cover Windows 10, as well as a bulletin that covers the new Edge browser that runs on Windows 10.
Overall, Microsoft released 14 security bulletins for this month’s Patch Tuesday—which occurs on the second Tuesday of each month.
Three of the bulletins were marked as critical, meaning that they should be patched as quickly as possible. A bulletin typically contains a set of patches for a single set of software products, such as all the supported versions of Windows.
Windows 10 seems to be off to a solid start as far as being engineered for security, noted Wolfgang Kandek, chief technology officer for IT security firm Qualys. He noted that 40 percent of the generic Windows patches this month apply to Windows 10. By comparison, Windows 8 generated 60 percent of all the generic Windows patches then being issued in the first two months after that OS was released.
The three critical bulletins this month, MS15-079, MS15-80, and MS15-81, cover vulnerabilities in Windows, Internet Explorer, and Microsoft Office.
The critical bulletin for Office, MS15-081, is a rarity, in that critical bulletins are not usually issued for that software suite. The bulletin addresses a flaw that could allow an attacker to gain control of the machine by tricking the user into opening a maliciously crafted Word document.
Microsoft has noticed that this flaw is already being exploited by attackers.
There are a number of other bulletins that, though not marked as critical, administrators may want to take a close look at quickly anyway, Kandek advised.
One is MS15-085, which would allow an attacker to use a USB drive to gain entry to a system. The attacker could plant code on the drive that would activate when the drive is inserted into a computer. This vulnerability is also already being exploited by attackers.
Another bulletin, MS15-083, might be of critical importance for those still running Windows 2008 or Windows Vista. Shops using this software to run network file sharing services with the SMB (Small Message Block) protocol should apply this patch as soon as possible, Kandek said.