In this month’s Patch Tuesday cycle, Microsoft released 14 security updates. Six of them were flagged as critical and targeted all Windows versions with active support.
Chronologically, the critical updates start with MS16-129, a cumulative update for Microsoft Edge. It patches a Remote Code Execution (RCE) flaw that is exploited when a malicious website is loaded and that gives hackers the same privileges as the logged-in user.
The next update is MS16-130, which is targeted at Microsoft Windows. The patch fixes an RCE flaw which, as Microsoft elaborated, “could allow remote code execution if a locally authenticated attacker runs a specially crafted application.”
The next critical update is MS16-131. It eliminates vulnerabilities in the operating system that allow attackers to exploit Microsoft Video Control with arbitrary code.
MS16-132 fixes security flaws in the Microsoft Graphics Component. These faults can allow hackers to exploit the Windows Animation Manager when a malicious website is loaded, which leads the component to mishandle objects in memory. By conducting such an attack, a hacker can install programs, record and delete data, and even create new accounts with administrator rights.
MS16-141 is the latest update for Adobe Flash Player. This patch resolves a vulnerability related to Internet Explorer. The flaw can be exploited when a malicious website is opened in the browser.
The final update on the critical list is MS16-142. Its purpose is to patch a vulnerability that can allow hackers to access objects in memory and, by executing arbitrary code, gain the same user rights as the current user.
Patch for the Google-disclosed Windows vulnerability also released
The Patch Tuesday cycle also included the security update for the Google-disclosed flaw in the operating system. The update in question is MS16-135. It was filed under important rather than critical, which was a bit of a surprise. The vulnerability was addressed by Windows and, judging by their comments, the severity level appeared to be high.
The company gave the following insight: “This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.”
Users can get all the components patched by executing the Windows Update task. Please note that a reboot is required to run the process, so save your work beforehand. At the time of writing, there is no information regarding faulty updates.