14 DAY TRIAL // Microsoft rolled out a total of 12 security updates this Patch Tuesday, six of which are rated as critical and another six are flagged with an “important” severity rating.
The first and most important update that IT admins should prioritize is MS16-144, which is known as Cumulative Security Update for Internet Explorer (3204059) and patching remote code execution flaws in Microsoft’s browser.
As is the case with RCE flaws, an attacker who exploits the flaw could get the same rights as the current user, which means that compromising an administrator account could provide full access to the computer and the locally-stored data.
Microsoft Office security patches
Then, there’s MS16-145, which is a Cumulative Security Update for Microsoft Edge (3204062) and fixes RCE flaws as well. MS16-146 is also rated as critical and patches flaws in Microsoft Graphics Component that would involve convincing users to visit a malicious website or open a compromised document.
MS16-147 addresses security vulnerabilities in Windows Uniscribe, while Microsoft Office customers get MS16-148, which is aimed at MS Office, Office Services, and Web Apps.
“The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights,” Microsoft explains.
And last but not least, there’s MS16-154, which is a security update for Adobe Flash Player that comes to address flaws that Adobe itself repaired and which exist in Flash Player in Internet Explorer and Edge browser.
As usual, IT admins are recommended to prioritize deployment of these critical security updates and keep in mind that system reboots are required, which means that work needs to be saved before starting deployment.