For this month of hearts and flowers, Microsoft gifts you with 13 security bulletins; six are rated critical for RCE.
For February 2016 Patch Tuesday, Microsoft released 13 security bulletins, six of which are rated critical for remote code execution. The rest fix elevation of privilege, denial of service, and security feature bypass vulnerabilities.
Rated critical
MS16-022 resolves 23 flaws in Adobe Flash Player by updating Flash libraries in Internet Explorer 10, Internet Explorer 11, and Microsoft Edge. This patch is meant for all supported editions of Windows. It was ranked at the top of the list for patching, according to Qualys CTO Wolfgang Kandek, who called the patch a “packaging change” since “there is a real bulletin for it,” as opposed to a security advisory.
MS16-009 is the monthly cumulative security fix for Internet Explorer, patching 13 vulnerabilities including remote code execution. Microsoft intends not to patch any version older than IE 11, so if you use a legacy IE browser then it’s time to move on from that attack vector.
MS16-011 patches six vulnerabilities in Microsoft Edge; the most severe could allow RCE if a user browses to a maliciously crafted webpage.
MS16-012 deals with bugs in Microsoft Windows PDF Library, the most severe of which could allow RCE. The security update is rated critical for all versions of Windows that come with PDF Reader: Windows 8.1, Windows 10, Windows Server 2012 and Server 2012 R2. Kandek noted that this is the first patch for Microsoft’s PDF Reader.
Core Security’s Bobby Kuzma said, “MS16-012 is probably the most interesting of the bunch, if only because it’s refreshing to see someone besides Adobe having a remote code vulnerability in PDF.”
MS16-013 patches an RCE vulnerability in Windows Journal. For an attacker to successfully exploit this memory corruption bug, a user would need to open a maliciously crafted Journal file, such as one received via email.
MS16-015 closes holes in Microsoft Office, so it should be close to the top of your deployment priority list. Kandek ranked it as second most important, as it resolves seven flaws in Word, Excel, and SharePoint.
SOURCE: Network World
Ms. Smith