First Patch Tuesday For 2016 Brings 6 Critical Updates

Microsoft has kicked off 2016 with 9 different bulletins for Windows and Office, 6 of which come with the critical rating. And of out these 5 actually fix major security holes in these software.

The remaining addresses a vulnerability in Microsoft Silverlight.

If you are ready to deploy them, then MS16-005 is the one that you should prioritize, as it fixes a Remote Code Execution flaw in almost all versions of the operating system, including old horses like Windows Vista and 7.

No such threat for Windows 8 and 10 users, though, as this bulletin either does not apply for these flavors, or is rated as important, as the vulnerability does not exist for the modern versions of the OS.

Things started off with a fix for Internet Explorer on Windows 10 with patch MS16-001, with a similar patch MS16-002 for the Edge browser to address two vulnerabilities:

“Both are rated critical giving the attacker the chance to control the targeted machine by exploiting the browser through a malicious webpage. Both address only two vulnerabilities, which is quite unusual, at least in the Internet Explorer case where we have become accustomed to over 20 vulnerabilities addressed in the past.”

As Wolfgang Kandek of Qualys reveals, another critical patch is MS16-004 as it fixes six different issues in Microsoft Office all of which are capable of giving the attacker Remote Code Execution capabilities.

Another update is aimed at Exchange Server.

As usual, these updates are shipping via Windows Update, so you simply need to connect your device to receive them. IT administrators will need to prepare for reboots, though, when deploying these updates on the PCs in their organization.

Leave a Comment:

Add Your Reply