Microsoft Patches Vulnerabilities
Monday, May 16, 2016 @ 06:05 PM gHale
Microsoft released 16 security bulletins to patch more than 30 vulnerabilities last week.
The flaws have been addressed by Microsoft in two separate critical bulletins.
One of them, MS16-053, fixes the actual vulnerabilities, which affect the JScript and VBScript scripting engines in Windows. These security holes, tracked as CVE-2016-0187 and CVE-2016-0189, can end up used for remote code execution.
Since the vulnerabilities can end up exploited via Internet Explorer, Microsoft released a separate bulletin, MS16-051, for the web browser.
The software giant said MS16-051 protects systems running Internet Explorer 9, 10 and 11, while MS16-053 addresses the vulnerabilities on systems running Internet Explorer 7 and earlier.
Symantec said attackers exploited these flaws in limited targeted attacks aimed at South Korea, where Internet Explorer is popular. Attackers likely delivered the exploit via spear-phishing emails or compromised websites, Symantec researchers said.
Another critical bulletin released by Microsoft Tuesday addressed several remote code execution vulnerabilities in Edge running on Windows 10.
An attacker can exploit the flaws by getting the victim to access a specially crafted webpage.
A bulletin that addresses vulnerabilities in Office has also been rated critical. Attackers could leverage these for remote code execution via a specially crafted Office file.
The other critical and important updates patch various security holes affecting Windows components, including the graphics component, Journal, Windows Shell, IIS, Media Center, Kernel-Mode and Volume Manager drivers, and Virtual Secure Mode.
An important update for the .NET Framework addresses a TLS vulnerability (CVE-2016-0149) already publicly disclosed.