14 DAY TRIAL // Microsoft rolled out the first security updates of the year on Tuesday, shipping a total of 9 different bulletins, six of which were rated as critical.
What’s surprising, however, is that despite the small number of updates, out of the six critical, no less than five concern major security holes in Windows and Office. The remaining one addresses a vulnerability in Microsoft Silverlight.
Specifically, MS16-005 is one of the updates that you need to prioritize because it includes fixes for a Remote Code Execution flaw in most Windows versions, including Vista and 7. As far as Windows 8 and Windows 10 are concerned, the bulletin is either rated as important or does not apply at all, as the vulnerability doesn’t exist.
Wolfgang Kandek of Qualys says that MS16-004 is also a critical patch because it fixes six different vulnerabilities in Microsoft Office, “all capable of giving the attacker Remote Code Execution capabilities.”
Windows 10 patches
Windows 10 users aren’t secure either and Microsoft Edge browser got its own update labeled as MS16-002 (a similar patch for Internet Explorer on Windows 10 is also available as MS16-001).
“Both are rated critical giving the attacker the chance to control the targeted machine by exploiting the browser through a malicious webpage. Both address only two vulnerabilities, which is quite unusual, at least in the Internet Explorer case where we have become accustomed to over 20 vulnerabilities addressed in the past,” Kandek said.
Two of the three important updates shipped today are supposed to fix vulnerabilities in Microsoft Windows operating system while the remaining one is aimed at Exchange Server.
As usual, these patches are shipped via Windows Update, so you don’t need to do anything else than to connect the computer to the Internet and wait. Obviously, a reboot will be required, so IT administrators should have this in mind when preparing the deployment on their organization’s PCs.