Patch Tuesday Fixes Critical Flaws in Windows, Office, IE

In the first Patch Tuesday of 2016, Microsoft rolled out nine security bulletins. Six are rated "critical" on Redmond's scale and three are rated "important." All told, seven fixes address remote code execution vulnerabilities, which means attackers could gain access to PCs or servers from outside locations.

The patches rated critical address issues in Internet Explorer, Microsoft Edge, VBScript, Microsoft Office, Windows, and Silverlight. The patches rated important fix vulnerabilities in Windows and Microsoft Server Exchange.

Of all the patches, MS16-10 should be at the top of the list for administrators because the patch fixes three vulnerabilities that could result in financial losses through compromised business e-mails, according to Craig Young, security researcher for advanced threat protection firm Tripwire's Vulnerability and Exposure Research Team.

"According to the FBI, BEC (business e-mail compromise) has cost businesses around the world upwards of $1.2 billion," Young told us. "This type of attack tends to rely on the ability of an attacker to convince a victim that e-mails came from someone else within the firm in a position of authority. The ability to make phishing e-mails legitimately appear to come from an internal address is a tremendous advantage for attackers."

An Unusual Patch

Microsoft's first Patch Tuesday for 2016 was low in terms of the number of patches issued, but it covered a lot of software ground and included broadly used apps like Windows and Office. That means IT admins need to move swiftly.

Wolfgang Kandek, CTO of cloud security firm Qualys, picked MS16-005 as the most important patch to deploy for users running Vista, Windows 7 or Server 2008. That's because the flaw has been publicly disclosed and could open the door to a remote code execution. The good news is Windows 8 and Windows 10 do not carry the vulnerability.

"Our second priority is MS16-004. It addresses six vulnerabilities...
