Busy Patch Tuesday cycle for Microsoft and its users

Sep 14, 2016 07:46 GMT

Microsoft has shipped a total of 14 security bulletins as part of this month’s Patch Tuesday cycle, fixing vulnerabilities in all Windows versions, browsers, the Office productivity suite, and other solutions in its portfolio.

Seven updates are rated as critical and seven are marked as important. The critical ones should be prioritized, especially because they include patches for Windows and browser flaws.

MS16-104 and MS16-105 are the two critical updates aimed at browsers, namely Internet Explorer and Microsoft Edge, respectively, so if you’re using either of these two apps to browse the web, make sure you install them as soon as possible.

Fixing RCE flaws

According to Microsoft, these patches address remote code execution (RCE) flaws that could allow an attacker to get the same rights as the logged-in user when a specially crafted website is loaded in an unpatched browser.

A similar method is being used to exploit computers that haven’t yet deployed MS16-106 and MS16-107, which patch Microsoft Graphics Component and Office flaws, respectively: users need to open malicious documents for attackers to get into their machines.

There’s also MS16-117, which is a critical security update for Adobe Flash Player, but this one is only shipped to computers running Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10. Internet Explorer and Edge on these OS versions come with Flash Player built in, so Microsoft patches flaws via Windows Update whenever Adobe releases an update.

What’s important to know is that Windows servers are also getting a large batch of updates, some of which correct critical security flaws in the operating system. Security company Qualys says Windows Server admins need to prioritize the deployment of all critical updates for their machines including MS16-108, which patches RCE flaws in Oracle Outside In libraries that are built into Exchange Server.

Overall, this is a pretty significant update release for Microsoft, and IT admins should keep in mind that a system reboot is required, so work needs to be saved before anything else.