Microsoft August Security Update

Wednesday, August 10, 2016 @ 04:08 PM gHale


Microsoft released this month’s security updates as part of the Patch Tuesday cycle, issuing nine bulletins for Windows, Office, Internet Explorer and Edge browser.

Five of the updates rate as critical while four are important.

RELATED STORIES
Windows 10 UAC Bypass
Microsoft Patches Critical Vulnerabilities
Microsoft Brings Checked C to Open Source
Microsoft Fixes Windows Kernel Font Issue

All critical patches address Remote Code Execution (RCE) flaws and require the attacker to get users with an unpatched system to open a malicious website or document that can exploit the flaws.

Leading off is MS16-095, a security update for Internet Explorer that fixes RCE flaws on all Windows versions that are still getting support.

MS16-096 is a similar security update, but for Microsoft Edge browser in Windows 10, and they both involve a specially crafted web page that needs to end up loaded by users on a vulnerable machine.

MS16-097 is a critical security update for the Microsoft Graphics component, and it patches vulnerabilities in Windows, Office, Skype for Business, and Microsoft Lync.

“The vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document,” Microsoft researchers said.

The last two critical security updates are MS16-099 for Microsoft Office and MS16-102 for Windows PDF Library.

Users are recommended to install the critical updates first, and it is worth noting that system reboots will end up required.