The patches are coming! The patches are coming! Microsoft made full use of the final Patch Tuesday for the year by unleashing 12 security updates for users of its software.
6 of these are rated as Critical, while the remaining 6 have Important severity rating.
Several versions of Windows, as well as the Edge web browser see action this time around.
The most important update that IT admins are recommend to prioritize is one that goes by
MS16-144, which is a cumulative security update for Internet Explorer. It patches remote code execution flaws in the browser.
Flaws that give an attacker exploiting the vulnerability the same rights as a logged in user, allowing full access to the computer and locally stored data:
"The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.”
Next up is
MS16-145, a cumulative security update for Microsoft Edge that also takes care of RCE flaws.
Which brings us to
MS16-146, also rated as critical, and this patches security issues in Microsoft Graphics Component.
MS16-147 addresses flaws in Windows Uniscribe, while Microsoft Office users have
MS16-148 to deal with that fixes problems in Office, Office Services, and Web Apps.
And finally, be on the lookout for
MS16-154 that is a security update for Adobe Flash Player that comes to address the latest issues that exist in Flash Player in Internet Explorer and Edge browser.
Adobe itself repaired these recently.
As is usually the case, users and IT administrators are recommended to prioritize deployment of the critical security updates. System reboots may be required, so proceed accordingly.
source:windows10update
