It's 2015 and hackers can hijack your Windows PC if you watch a web video (Today is Patch Tuesday)

The Register ^ | June 9, 2015 | Shaun Nichols

[dayglored]

Microsoft has released the June edition of its Update (neé Patch) Tuesday security update dump.

This month's bundle includes eight security bulletins, two rated "critical" and six rated "important." Users and administrators are advised to test (if necessary) and install the updates as soon as possible to prevent attacks.

• MS15-056 A cumulative patch for Internet Explorer versions 6-11. It addresses 24 CVE-listed security flaws. "critical" (remote code execution).
• MS15-057 A Windows update to address a single flaw in Media Player for Windows Vista and 7 and Windows Server 2003 through 2008 R2. Opening a web page that plays a maliciously crafted video will trigger the bug, which can be exploited to hijack the PC. "critical" (remote code execution).
• MS15-059 This buletin addresses three CVE-listed vulnerabilities in Microsoft Office Compatibility Pack Service Pack 3, Office 2010, 2013, and 2013 RT.
• MS15-060 A remote code execution flaw in the Microsoft Common Controls component for Windows Vista and later and Windows Server 2008 and later. Clicking on a malicious link and invoking the F12 Developer Tools in Internet Explorer will trigger the bug.
• MS15-061 A total of 11 CVE-listed vulnerabilities in the kernel-mode drivers for all Windows systems from Vista and Server 2003 and later.
• MS15-062 An elevation of privilege vulnerability in the Active Directory Federation Services component for Windows Server 2008, 2008 R2, and 2012.
• MS15-063 An elevation of privilege vulnerability in the Windows kernel. The vulnerability applies to Windows Vista and later and Windows Server 2008 and later.
• MS15-064 Three elevation of privilege vulnerabilities in Exchange Server 2013.

...

[dayglored]

Full descriptions and further information at Microsoft's Security Bulletin site:

https://technet.microsoft.com/library/security/ms15-jun

Get patching!!

[dayglored]

Patch Tuesday -- not as big as some, but still important ... PING!

You can find all the Windows Ping list threads with FR search: search on keyword "windowspinglist".

[dayglored]

> Get patching!!

... because all too often, "Patch Tuesday" is followed by "Exploit Wednesday"!

[jmranchman]

Yes I am so looking forward to it. I handle patching at my place of work and the last set of critical patches screwed up half the machines at our business. I have been waiting with baited breath!

[dayglored]

> I have been waiting with baited breath!

I'm over here with bated breath myself, but maybe bait is a better bet.

[dayglored]

> ...the last set of critical patches screwed up half the machines at our business...

Yeah, the last couple of Patch Tuesdays have been brutal.

This one comes with a commercial for Windows 10. Gotta love getting an ad with your monthly patchload... NOT!

*sigh*

[basil]

So far (18 years), my Mac has never been hacked.

[zeugma]

You’re using an 18 year old Mac? Impressive.

[jmranchman]

I figured the spelling and sentence police would show after I posted that. I knd of hoped I would be given the benefit of the doubt so I wouldn’t have to change it after not proof reading but oh well. That’s what I get for replying in a hurry. Thanks for the tip though.

[fr_freak]

You’re using an 18 year old Mac? Impressive.

That's nothing. My Texas Instruments pocket calculator hasn't been hacked in 25 years.

[dayglored]

> I figured the spelling and sentence police would show after I posted that. I knd of hoped I would be given the benefit of the doubt so I wouldn’t have to change it after not proof reading but oh well. That’s what I get for replying in a hurry. Thanks for the tip though.

No worries, I was only ribbin' ya because I've made that same one myself any number of times.

Even had so-called auto-correct change it to "baited" once on me.

When in doubt, blame auto-correct. :-)

[dayglored]

> You’re using an 18 year old Mac? Impressive.

Yeah, but not unheard of.

My 17-yr-old original iMac G3 (in ever-loving "Grape" purple, I'll have you know) still fires up and ran within the past year.

But I can't honestly say I still "use" it. It's a conversation piece, that's all. But it does still work.

And it's never been hacked either. LOL!

[FreeInWV]

I have a good feeling about this service pack. Watching it finish installing as we speak. Ubuntu 14.04.2.

[dayglored]

> That's nothing. My Texas Instruments pocket calculator hasn't been hacked in 25 years.

I've still got my old HP-35 from the early 70's, and as of last year it hadn't been hacked yet.

I don't think the virus writers are paying much attention to HP-35's and old TI's these days.

More's the pity.

[dayglored]

> I have a good feeling about this service pack. Watching it finish installing as we speak. Ubuntu 14.04.2.

Good choice.

I spun up a new 14.04.2 server instance on my Amazon cloud earlier today. Gotta admit, it's easy as hell these days.

Yours a desktop install?

[basil]

Actually, I buy a new one ever few years and pass the old one on to one of my many grand kids.

I was speaking collectively...but as far as I know, none has ever been hacked after I gave them away.

[basil]

Actually, I buy a new one ever few years and pass the old one on to one of my many grand kids.

I was speaking collectively...but as far as I know, none has ever been hacked after I gave them away.

[FreeInWV]

Yep. The XP on my son’s computer went kaput. He gets to be the guinea pig. The rest of my computers have become so slow and bloated, I see no reason to continue with Microsoft. I use Redhat at work, so I figured it would be no big deal. So far so good...

[dayglored]

> but as far as I know, none has ever been hacked after I gave them away.

That doesn't surprise me -- it's damn hard to open up a Mac to a hacker. 99.9% of the time, when a Mac gets pwned it's because the operator did something stupid -- something where they knew better but weren't paying attention.

Of course, these days Windows is just as good that way, too. I figure Windows caught up to OS-X back around Win7 SP1, in terms of difficulty of non-operator-assisted attacks.

The downside, for all of these machines, is that users haven't gotten a whole lot more careful.

[Cold Heart]

I have one of those too, and a slide rule:)