Microsoft Issues Security Bulletins

Thursday, March 10, 2016 @ 03:03 PM gHale


This past Tuesday, Microsoft released 13 security bulletins as part of its March 2016 patch program.

The patches address vulnerabilities in Windows, Internet Explorer, Edge, Office, Server Software, and the .NET Framework.

One of the critical bulletins released this month, MS16-023, resolves 13 Internet Explorer vulnerabilities, the most severe of which can be exploited by a remote attacker to execute arbitrary code simply by getting the victim to visit a specially crafted website using Internet Explorer.

Another critical bulletin is MS16-024, which fixes 11 vulnerabilities in Microsoft Edge, including ones that also affect Internet Explorer.

MS16-026, which patches flaws in Windows, is also rated critical. The issues, related to how the Windows Adobe Type Manager Library handles specially crafted OpenType fonts, can be exploited for denial-of-service (DoS) attacks and remote code execution.

The advisory for MS16-027 describes multiple critical remote code execution vulnerabilities in Windows that can be triggered when a user opens specially crafted media content hosted on a website.

MS16-028 fixes two issues related to the Microsoft Windows PDF Library. An attacker could exploit these security holes for remote code execution by getting the targeted user to open a specially crafted PDF file.

One bulletin item rated “important” covers a Windows USB Mass Storage Class driver memory corruption bug that can be exploited for privilege escalation.