Microsoft has started this month’s Patch Tuesday update cycle to fix vulnerabilities in its software, and this time, the highlights are Windows, Edge browser, Internet Explorer, and the Office productivity suite.
There are 13 different security bulletins this month, one of which is the Flash Player patch that was released a few days ago and that Microsoft included in its rollout to fix vulnerabilities in Internet Explorer and Edge (both browsers come with Flash pre-installed, so in order to patch flaws, Microsoft has to deliver fixes through Windows Update).
Out of the 12 remaining updates, there are 6 critical updates fixing flaws in Windows, Internet Explorer, Office, and Edge browser. The rollout targets remote code execution and escalation of privilege flaws and includes updates that require a restart, so IT admins should keep this in mind when starting deployment.
Windows users, prioritize this update!
For Windows users, the most important update that needs to be installed ASAP is MS16-039, which addresses flaws related to a graphics component in the operating system. All versions of Windows are affected, from Vista through 10, as well as Office 2007 and 2010, .NET, Skype, and Lync.
“The two 0-days are contained with the Windows portion and both allow for the escalation of privilege from a normal user to administrator. In real life they will be paired with an exploit for a vulnerability that gets the attacker on the machine such as the Flash Player flaw,” Wolfgang Kandek, CTO of Qualys, explains.
“In that type of scenario, your user would go to a normal website and get attacked with a Flash exploit that then escalates with the CVE-2016-0165/7 vulnerabilities from MS16-039.”
Read more: Microsoft Releases Critical Windows, Edge Browser, Office Security Updates