14 DAY TRIAL // Microsoft has released a total of 10 security updates this Patch Tuesday, out of which no less than 5 are rated as critical, including here an update aimed at Adobe Flash Player.
First and foremost, IT admins should prioritize the deployment of MS16-118, which is a cumulative security update for Internet Explorer. All versions of the browser that are still supported by Microsoft are targeted by this patch, and the firm says that a successful exploit could lead to an attacker gaining the same rights as the logged-in user.
This involves getting the target computer to load a specially crafted webpage hosting code to exploit the vulnerability, so users whose machines aren’t yet patched should avoid clicking on links coming from unknown or untrusted sources.
Just like Internet Explorer, Microsoft Edge is also getting a cumulative security update with MS16-119. The aforementioned information is valid here too, with Microsoft saying that Edge users should stay away from suspicious links because crafted websites is the only way for attackers to exploit vulnerabilities.
Office customers getting patches too
MS16-120 is a security update for Microsoft Graphics component which resolves vulnerabilities in Microsoft Windows, .NET Framework, Office, Skype for Business, Silverlight, and Microsoft Lync. Customers of any of these solutions should stay away from links and documents that they don’t trust, and Microsoft explains that one way to reduce the risks of exploits is reducing user rights to standards and removing administrator privileges.
MS16-122 should be prioritized because it patches flaws in Microsoft Windows, according to the official documentation provided by Microsoft. This update is labeled as critical as well.
“The vulnerability could allow remote code execution if Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message,” the company explains.
And last but not least, there’s MS16-127, which is the critical security update for Adobe Flash Player that’s also delivered through Windows Update. Flash Player comes pre-installed in Edge and Internet Explorer, so Microsoft is updating it via Windows Update whenever Adobe releases patches too.
System reboots will be necessary when installing these updates, so IT admins should save work on computers where the whole pack is deployed before initiating the process.