14 DAY TRIAL // Microsoft rolled out this month’s Patch Tuesday updates, fixing vulnerabilities in key software in its lineup, including Windows, Office, and Internet Explorer.
The company released a total of 13 security updates, five of which are rated as critical and should be prioritized by everyone because they include essential fixes for vulnerabilities discovered in Windows.
Updates to prioritize
First of all, the number one patch this month is MS16-023, which is a cumulative security update for Internet Explorer and is available on all supported Windows versions. No matter if you are using Internet Explorer or not, you are highly recommended to deploy this patch because apps on your PC could still rely on this browser to provide web-based content.
According to Microsoft, this update fixes security vulnerabilities in Internet Explorer which could allow an attacker to get the same rights as the logged-in user. The remote code execution flaws can be exploited by tricking users into loading a compromised website, so until you install the patch, make sure you avoid clicking any links that look suspicious or come from unknown sources.
Windows 10 users must install MS16-024 as soon as possible too, as it’s a cumulative security update aimed at Microsoft Edge, the new browser replacing Internet Explorer as the default browser in this OS version.
Once again, the remote code execution flaw can be exploited with the help of a malicious website, so just make sure that you stay away from links coming from sources you don’t trust.
“11 vulnerabilities total, 10 critical show that security researchers have been focusing their attention on Edge, which has slowly lost ground on Internet Explorer in terms of vulnerabilities: in December 2015 we were still 30 to 15 versus now in March at 13 to 11,” Wolfgang Kandek, CTO of Qualys, explained.
The other critical updates released today are MS16-026, MS16-027, and MS16-028 and patch remote code execution flaws in Windows. All are released via Windows Update, and some require a computer reboot, so IT admins should have considered when starting deployment on machines in their networks.