14 DAY TRIAL // Microsoft has published this month’s Patch Tuesday updates, and just as expected, the rollout is massive this time, mostly because of the delayed release of security fixes in February.
The company released a total of 17 security bulletins to fix no less than 134 vulnerabilities in its software, with 8 updates marked as critical.
First and foremost, users and IT admins need to prioritize the deployment of MS17-006 and MS17-007, which are cumulative updates for Internet Explorer and Microsoft Edge browsers. Vulnerabilities that are patched by these updates could allow an attacker to take control of an affected system when the user loads a malicious website in one of the two browsers.
Additionally, critical bulletins MS17-008, MS17-009, MS17-010, and MS17-011 should be on the priority list as well because they address vulnerabilities allowing remote code execution, with all versions of Windows said to be affected.
There’s also a patch that fixes vulnerabilities in the Windows operating system and it’s labeled MS17-012, with Microsoft explaining that attackers are trying to exploit it using apps that connect to an iSNS Server and then issues malicious requests to the server.
Office and other software also getting patched
Microsoft Office, Skype for Business, and Microsoft Silverlight are targeted by critical and important security updates as well, so Microsoft recommends all users to install these new Patch Tuesday fixes as soon as possible on all their computers.
And last but not least, Microsoft is also shipping the Flash Player update that Adobe published yesterday and which is available for Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016. Microsoft Edge and Internet Explorer both come with Flash Player built in, so Microsoft patches vulnerabilities in Adobe’s software using the standard Windows Update channel.
IT admins should have in mind that installing these updates prompts system reboots, so work on all machines, including in the deployment, needs to be saved. Also, the size of this month’s Patch Tuesday rollout is bigger than the usual given the fact that Microsoft previously delayed the February cycle.