14 DAY TRIAL // Microsoft has rolled out this month’s security updates as part of the Patch Tuesday cycle, shipping a total of 9 bulletins fixing issues in Windows, Office, and Edge browser (in Windows 10).
This month, Patch Tuesday has brought a total of 9 security updates, five of which are rated as critical while four are considered to be important.
All critical patches address Remote Code Execution flaws and require the attacker to get users with an unpatched system to open a malicious website or document that can exploit the flaws.
Critical security updates
First of all, it’s MS16-095, a cumulative security update for Internet Explorer that fixes RCE flaws on all Windows versions that are still getting support (Windows XP users, beware, so if you’re still running this old Windows version, you’d better give up on Internet Explorer).
MS16-096 is a similar security update, but for Microsoft Edge browser in Windows 10, and they both involve a specially crafted web page that needs to be loaded by users on a vulnerable machine - this means you’re recommended to stay away from unknown websites until you patch!
MS16-097 is a critical security update for the Microsoft Graphics component, and it patches vulnerabilities in many Microsoft software solutions, including Windows, Office, Skype for Business, and Microsoft Lync.
According to the company, “the vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document,” so once again, you have to manually click an infected file to allow the exploit.
The last two critical security updates are MS16-099 for Microsoft Office and MS16-102 for Windows PDF Library, so make sure you prioritize these too when patching systems.
Users are recommended to install the critical updates first, and it’s worth noting that system reboots are required, so work needs to be saved before everything else. All Windows versions are getting patches, including Vista, 7, 8.1, and 10, as well as Server SKUs, and until all machines are patched, be sure to avoid any suspicious files or links coming from sources that you don’t trust.