Information Technology News.

Microsoft issued its first Patch Tuesday yesterday, and it was a big one

January 13, 2016

Microsoft has issued its first batch of security updates for this year, including what will be the final round of patches for several versions of its Internet Explorer browser.

This security release includes fixes for no fewer than twenty-five CVE-listed security flaws in Windows, Internet Explorer, Edge and the MS Office suite.

Among the patched security bugs are remote code execution vulnerabilities, elevation of privilege holes and a spoofing vulnerability in the OS.

Microsoft says that so far, no one has actively exploited the security vulnerabilities addressed in this month's patch bundle, but it's only a matter of time before cyber criminals reverse-engineer the updates and target them.

Here's the list of updates you should install (and watch out for sneaky downloads that enable the Windows 10 nagware):

  • Bulletin MS16-007 addresses 6 CVE-listed bugs, including a security flaw in Remote Desktop Server on Windows 10 that could allow an attacker to remotely log into password-less accounts, which would normally be blocked. By default, Windows should prevent Remote Desktop access to password-less profiles, but somewhere along the line, Windows 10 started allowing access to unprotected accounts.

  • Bulletin MS16-001 is a cumulative security update for Internet Explorer, and the last update for most desktop versions of IE. Two CVE-listed security flaws are addressed in the update, including one that can be exploited by a malicious webpage to execute code on a vulnerable machine.

  • Bulletin MS16-002 is a cumulative update for the Edge browser in Windows 10. The update fixes a pair of security issues in Edge that could be targeted in remote code execution attacks.

  • Bulletin MS16-003 updates JScript and VBScript to protect against a remote code execution flaw that could be exploited on Windows Vista or Server 2008 installations that still run IE 7.

  • Bulletin MS16-004 addresses two remote code execution vulnerabilities, and a security bypass flaw in Office 2007, 2010, 2013, 2013 RT, 2016 and Office for Mac 2011 and 2016. Opening a booby-trapped document could trigger the execution of malware hidden in the file.

  • Bulletin MS16-005 is a fix for two CVE-listed flaws in Windows, one of which could allow remote code execution and another which could lead to elevation of privilege. The remote code execution bug (CVE-2016-0009) is considered a higher risk for Windows Vista, Windows 7 and Windows Server 2008.

  • Bulletin MS16-006 will patch one security vulnerability in Silverlight allowing for remote code execution via a malicious webpage. Mac users running Silverlight are also vulnerable and should update the plugin for OS X.

  • Bulletin MS16-008 is an update for two CVE-listed elevation of privilege flaws in the Windows kernel. All supported versions of Windows and Windows Server are subject to the fix.

  • Bulletin MS16-010 fixes four CVE-listed spoofing bugs in Exchange Server 2013 and 2016.

In addition to this MS Patch Tuesday bundle, Adobe has also issued its monthly update for security flaws in its Acrobat and Reader software. A total of 17 CVE-listed security bugs are patched for both OS X and Windows.

Of the seventeen bugs addressed by Adobe this month, five are remote code execution flaws, nine allow remote code execution from memory corruption, one allows remote code execution by way of a double-free condition, one allows remote code execution through a directory search path in Adobe Download Manager, and another allows an attacker to bypass JavaScript API security restrictions.

Both Windows and OS X users and administrators should install the Adobe update. We'll keep you posted on February's updates once they are available.

Source: Microsoft.
