Microsoft Patch Tuesday Highlights Edge’s Security Credentials

Microsoft’s Patch Tuesday update for November highlights the differences between Internet Explorer and its more secure focused successor, Microsoft Edge.

For November’s update, Redmond delivered 12 bulletins, in stark contrast to the relatively modest Patch Tuesday for October, which only contained six bulletins, including updates for a range of products including Skype and Internet Explorer.

Of the 12 bulletins, four rated as critical, with the remaining eight rated as important.

Patched

One of the highest priority patch is MS15-115, which addresses seven vulnerabilities in Windows, the most severe of which could allow remote code execution if an attacker convinces a user to open a specially crafted document or to visit an untrusted webpage that contains embedded fonts.

Microsoft’s decision to build a more secure web browser with Edge is evidenced by another critical patch (MS15-112) for Internet Explorer. “The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer,” said Microsoft.

Microsoft Office also receives an update (MS15-116), and the patch repairs seven Office flaw, the most severe of which could allow remote code execution if a user opens a specially crafted Microsoft Office file.

The two other critical bulletins are for Edge Browser (MS15-113) and Windows Journal (MS15-114).

“We are back to normal for Patch Tuesday November 2015,” blogged Qualys CTO Wolfgang Kandek. “Twelve bulletins that cover a wide mix of products from Internet Explorer (MS15-112) to Skype (MS15-123).”

“Last month’s lower number of six bulletins was an anomaly – maybe caused by the summer vacation?,” he added. “What is not an anomaly but the product of serious security engineering is the pronounced difference between Internet Explorer and Edge patches.”

“Edge is clearly more secure than Internet Explorer and a solid choice as your Internet Browser if your users can run all their business applications with it,” he wrote.

Record Number

Meanwhile the security experts over at Tripwire highlighted the record number of security bulletins from Microsoft in 2015, as well as .

“As Microsoft’s record setting bulletin number continues to climb, we see all of the usual suspects once again,” said Tyler Reguly, manager of software development at Tripwire.

“Microsoft’s browsers (Internet Explorer and Edge), along with Office, .NET, and the Windows Kernel all appear to have standing invites to Patch Tuesday every year but we’re definitely seeing new contenders for regular spots this year. Windows Journal and Lync/Skype for Business are definitely at the top of that list making numerous appearances this year.

“One of the more interesting updates is likely the SChannel update (MS15-121) since this issue has been publicly discussed for a while on the IETF mailing lists as they worked through a draft to implement an RFC on the topic,” said Reguly. “Watching protocol discussions, while it may be boring, is an interesting way to gain insight into upcoming vendor updates. It was recently mentioned on one of the mailing lists that Microsoft would soon have support for this issue, making this one of the most expected patches in a while.”

Meanwhile system administrators should also be aware that Adobe has released a security update for Flash Player that addresses 17 different flaws.

What do you know about Windows 10? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

16 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

17 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

18 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

20 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

22 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

23 hours ago