Yesterday was Patch Tuesday, so Microsoft has released the usual series of fixes and improvements for its software. We’ve already noted all the new features that are coming with Windows 10 build 13393.447, as well as patches headed to older versions of Windows 10.
Now, Microsoft has published its monthly security bulletin, detailing some of the security fixes that were part of yesterday’s patches. The company fixed six flaws deemed Critical in Windows, as well as a further eight considered to be Important in Windows, Windows Server, Office and Internet Explorer.
Here are some of the highlights from last night’s critical updates:
MS16-129 addresses a critical vulnerability found in Microsoft Edge, which at worst, could allow for remote code execution on affected machines. The flaw could be exploited if a user visited a maliciously crafted webpage. Users running with fewer privileges could be less impacted.
MS16-142 addresses a similar vulnerability inside of Internet Explorer. An attacker who tricked the user into viewing a maliciously crafter webpage could gain access to the affected system and elevate his privileges. He’d then be able to run code remotely and take complete control over the target machine.
MS16-130 has to do with a security flaw inside of Windows, which could eventually allow for remote code execution if a locally authenticated attacker ran a specially created script on the affected system.
MS16-131 is another vulnerability inside of Windows, having to do with Microsoft Video Control. The issue could allow for remote code execution because of a problem with the way Microsoft Video Control stores objects in memory. An attacker could gain full access to the system if it convinces a local user to open a local malicious file or program. Interestingly enough, Microsoft has patched this component of Windows a number of times during the past few months, but critical issues seem to keep popping up.
MS16-132 is once more Windows vulnerability that relates to the Microsoft Graphics Component. Windows Animation Manager improperly handles objects in memory, leaving the door wide open to attack if a user visits a malicious website. A successful exploitation of the issue could leave the attacker with full control over the system.
MS14-141 is the final critical bulletin among yesterday’s patches. It contains relates to critical vulnerabilities found in Adobe Flash Player, and contains fixes for nine flaw registered by Adobe.
As mentioned above, besides the patches deemed to be Critical, the update also contains a number of Important bug fixes for security issues in Windows, Windows Server, and Office. None of the reported flaws are being exploited in the wild according to Microsoft.
Source: Technet