As part of this latest Patch Tuesday haul, Microsoft fixed a total of 38 security vulnerabilities, via five security updates deemed critical and four rated as important. And here they are:
MS16-095 deals with memory corruption flaws found in Internet Explorer. If exploited correctly, a user visiting a malicious website could have his machine infected and an attacker could remotely run code.
MS16-096 is a cumulative update for Edge that handles some of the same flaws as those found in IE. On top of those, the update, deemed critical, fixes some flaws that allowed information to leak out of the browser. Shockingly, none of these bugs seem to have been related to Adobe Flash, with the plugin seemingly receiving no security patches this time around.
MS16-097 addresses a number of vulnerabilities found in the Microsoft Graphics Component. Related to the way the company’s program render fonts, the security flaw could allow remote code execution if a user visited a malicious website or opened a specially-crafted document. The patch fixes this in all supported versions of Windows, Windows Server, Skype for Business, Lync and Office 2007 and 2010.
MS16-098 is only deemed to be important, and not critical, despite dealing with security flaws in kernel-mode drivers. A malicious agent exploiting these vulnerabilities could gain the same privileges as a logged-on user.
MS16-099 fixes a few more flaws found in Office, which may be exploited by maliciously-created documents. The patch is also available for Office for Mac 2011 and 2016.
MS16-100 is perhaps the worst sounding exploit of the batch, because it deals with rootkits. The flaw fixed by this patch could allow an admin, or someone with physical access to a device to bypass Secure Boot and install a different OS on the machine, or install rootkits at the bootloader level.
A few more patches were included in these latest cumulative updates for Windows 10 and other versions of Microsoft’s programs, though the most interesting ones are those listed above. You can check out the full list at the source link below, but so far Microsoft has been stingy with details of these exploits and patches.
As usual, we recommend you always keep up to date with all security patches and updates and install the newest software available.