Patch Tuesday Clears Security Issues

Tuesday, December 13, 2016 @ 06:12 PM gHale

In what appears to be the final Microsoft Patch Tuesday for 2016, the software giant released six critical updates, 12 overall, covering 34 individual flaws in Windows, Internet Explorer, Edge and Office, all of which, if exploited, could lead to remote code execution.

The critical flaws are in bulletins MS16-144, MS16-145, MS16-146, MS16-147, MS16-148 and MS16-154. There are also six other bulletins rated as important.


MS16-154 is potentially the most dangerous issue if left unpatched. That bulletin refers to the Adobe Flash Player update, which fixes 17 problems, including one flaw currently undergoing exploitation.

MS16-144, for Windows and IE, addresses flaws that, if left unpatched, could allow remote code execution when a user views a specially crafted webpage, letting the attacker gain user rights and take control of the affected system. MS16-145 covers the same problem for those using Edge.

MS16-146 resolves vulnerabilities in Windows. The most severe of the vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS16-147 resolves a vulnerability in Windows Uniscribe. The vulnerability could allow remote code execution if a user visits a specially crafted website or opens a specially crafted document.

MS16-148 addresses vulnerabilities that would allow an attacker who successfully exploited them to run arbitrary code in the context of the current user.

Microsoft Office bulletin MS16-148 is also critical because it is a remote code execution issue, and victims can end up compromised without any user interaction due to the preview panel. This typically happens when the Outlook preview panel tries to render email content after receiving a malicious mail.


