Microsoft Patch Tuesday - five 'critical' security flaws in 12 major updates

Shut down the PC early today, it's going to be updating for some time...

Microsoft has released 12 security updates for PCs running all supported versions of Windows - and the updates include five intended to fix "critical" flaws, including some that have already been publicly disclosed, with one already subject to exploits.

In all, the patches are intended to fix some 56 vulnerabilities in Windows and related components, including fixes for 14 security flaws in Internet Explorer and four in Edge, the web browser that Microsoft hopes will replace IE. They also cover four flaws in Microsoft Office, including one enabling remote execution.

For enterprise users, the patches include fixes for Active Directory, addressing a flaw enabling denial of service attacks against Windows Server, as well as Lync, Microsoft's enterprise communications tool.

Critical-rated ms15-098, meanwhile, patches remote-code execution flaws in Windows desktop operating systems from Windows Vista, as well as server operating systems from Windows Server 2008. Fixes for other flaws affect Exchange Server, Windows Task Management, the .NET framework and Windows Media Center.

Information about all the latest fixes can be perused on the Microsoft Technet website.

However, according to Chris Goettl of security company Shavlik, this month's batch of Microsoft patches is comparatively light, as Microsoft and other companies rushed to fix flaws in advance of the Black Hat security conference at the beginning of August.

Windows 7 users who have opted-in for a free Windows 10 upgrade, but not yet upgraded, will need to be careful not to accidentally upgrade as Microsoft has changed Windows Update not to notify of updates - only ticking the Windows 10 upgrade and hiding and keeping unticked all updates, critical or otherwise.