Here's what's in this month's supersize collection.
MS15-018
is a Cumulative Security Update that addresses an even dozen
vulnerabilities and affects all supported versions of Internet
Explorer. It includes the fix for a cross-site
scripting vulnerability that was publicly disclosed prior to
February's Patch Tuesday but didn't
make last month's fixes . Another fix is in response to a memory
corruption vulnerability that has also been publicly disclosed,
although the official CVE page hasn't yet been updated with details.
MS15-019
repairs a scripting vulnerability (3040297) in some
older Windows versions; it doesn't affect Windows 7 and later desktop
versions or the equivalent server versions, Windows Server 2012 and
2012 R2.
MS15-020
fixes a flaw in the way Microsoft Text Services handles objects in
memory and how Microsoft Windows handles the loading of DLL files. MS15-021
addresses an issue with the Adobe Font Driver. Both vulnerabilities
could theoretically allow remote code execution, although Microsoft's
summaries say that possibility is unlikely.
MS15-022
applies to all supported Microsoft Office versions (2007, 2010, and
2013), as well as the server-based Office Web Apps and SharePoint
Server products. It fixes three known vulnerabilities in Office
document formats as well as multiple cross-site scripting issues for
SharePoint Server. The worst outcome allows remote code execution.