Microsoft patched a vulnerability in its graphics component present in Windows, Office and Lync that has been publicly attacked, and is one of five vulnerabilities patched this month that have been publicly disclosed. Microsoft released a dozen bulletins this month, five of them it rates critical, including separate updates for Internet Explorer and the new Edge browser in Windows 10, the second month in a row Edge has been patched since it was released. The Microsoft Graphics Component bulletin, MS15-097, patches 11 vulnerabilities. The highest priority should be CVE-2015-2546, a memory corruption bug that leads to elevation of privilege that is under attack. Microsoft rated the bug “Important”, likely because this vulnerability can allow an attacker to log on to a vulnerable Windows machine and run code; it provided no further details on the attacks or where the vulnerability was disclosed.
Microsoft Security Bulletin
The information provided herein is on "as is" basis, without warranty of any kind.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street