Microsoft has released critical patches including an important fix for the sandworm gang.
The recent Microsoft release includes three critical and five important patches will that address 24 Common Vulnerabilities and Exposures in Windows operating system, Office suite, .NET Framework, .ASP.NET and Internet Explorer.
Microsoft as well as IT consultants recommend that you apply all of these updates immediately in order to protect your systems. For large scale IT environments, it is recommended that your have your IT Tech Support department or Managed IT Services provider (MSP) focus on the Critical updates first.
One of the patches addresses an issue that will allow remote code execution on all shipping versions of Windows including the Server Core installations of Windows Server 2008 and Windows Server 2012.
The fix for the flaw being exploited by the Sandworm gang is MS14-060. This vulnerability has been actively targeted in the wild and may lead to malicious programs being executed on victim machines. Using the setting to ‘Always Prompt’ helps mitigate the impact of this vulnerability.
How do you apply the Microsoft patches?
Microsoft recommends that you apply the update immediately using the Microsoft Update service. The updates are also available via the download links in the Affected Software table later in this bulletin.