Microsoft releases one of its biggest security updates this year

This is Microsoft's broadest round of security updates this year. The updates remedy around 50 vulnerabilities in its products and another 26 in the Flash Player.

October will mark a major shift in the way Microsoft structures its Patch Tuesday release for many users, and experts worry the new monthly Windows rollup will force companies to accept more risk in order to avoid compatibility issues. “The patched vulnerability could also lead to remote code execution if a user visits a compromised website that contains a specially crafted Silverlight application”, the report explains.

On most computers the updates are automatically downloaded and installed.

One way that the malvertising avoided researchers was by using an information disclosure zero-day in Microsoft Edge and Internet Explorer.

MS16-106 and MS16-107 are imperative updates that fix flaws in the Microsoft Graphics Component and Office.

Network World advises businesses to prioritize the security update for Silverlight (MS16-109) even though it’s rated as important instead of critical. The new version can be accessed by going to Settings > Update & Security > Windows Update, clicking “Check for Updates” and then selecting “Feature update to Windows 10, version 1607”.

For everyone else, it’s time to update Windows to patch a slew of serious flaws.

Tech experts note that this is a pretty big deal.

Security researcher Kafeine says one of this week’s Microsoft patches addresses a vulnerability the company had known of since the previous year, and that it may only have pulled the patching trigger after a spate of banking trojan attacks. Just do not forget to perform a system reboot to ensure that the patches have been fully installed. Many of these vulnerabilities were first reported to the tech titan in 2015, but it has taken the company until now to fully respond.

The security firm says the flaws appear to have existed in Microsoft’s commercial hooking engine Detours for almost a decade. Some of these have been minuscule and easy to remedy.

The Internet Explorer bug has been used by several gangs behind the spread of malicious ads. “If the server processes a Word or Excel file using these automation services, that triggers the vulnerability and could cause the attacker to get complete control of the SharePoint Server”, said Sarwate.

“Windows 10 has all updates in a cumulative bundle each month which is more strict than the servicing change being implemented on pre-Windows 10 systems next month”.

A couple of the non-critical updates caught the eye of another Core Security researcher as being out of the ordinary. The majority of the vulnerabilities were in Microsoft Office, which saw 13 vulnerabilities fixed.

Is this something that Microsoft will ever solve? Microsoft just has to be on the offensive.