Yesterday, July 12, 2016, Microsoft unleashed a torrent of updates to both its core operating systems as well as apps, services and tools that were either in preview or betas. There were several significant updates packed with fixes and improvements that came down the pipe for Windows 10 Insiders on PC and mobile that might have overshadowed the more critical patches issued to regular users.
Yesterday’s Patch Tuesday brought a series of fixes and patches for feature improvements within Windows 10 as well solving six different critical issues along the way. While the release of new Insider builds may draw more attention from the early adopters, regular Windows 10 users should be pleased to know that yesterday’s Patch Tuesday release bundled fixes for over 52 vulnerabilities that involved the Windows kernel, Secure Boot and Bitlocker.
Sure, the sheer number of open vulnerabilities might be a bit off-putting, but at least the Windows team found them and addressed them yesterday.
Here are the Windows 10 release notes from yesterday’s Patch Tuesday:
- MS16-092 and MS16-089 address vulnerabilities found in the Windows kernel. While the first flaw is found on all Windows and Windows Server versions, the second one only relates to Windows 10. The flaws addressed, would have allowed for the disclosure of information on the target machine.
- MS16-090 addresses security flaws that would allow an attacker to elevate privileges, by taking advantage of a flaw in all Windows and Windows Server versions.
- MS16-094 addresses a flaw that would allow an attacker to Windows Secure Boot and BitLocker disk encryption. If the attacker had physical access to a machine or had remote admin privileges, he could disable these security mechanisms and load executables on the target machine.
- MS16-084 and MS16-085 address a myriad of flaws in Internet Explorer and the Edge browser. Between them, they address 28 vulnerabilities, many of which would allow for malware infections of the PC if the user visited maliciously crafted websites.
- Speaking of malware infections, MS16-093 is a cumulative update for Adobe Flash Player, that addresses 24 flaws. Those on Windows 8.1 and newer are getting this update from Microsoft, but those on older versions of Windows need to install this patch manually from Adobe.
- Finally, there’s MS16-087, which is a very interesting one as it basically addresses a vulnerability that allows a print server or the network to spew malware at all connected PCs. Microsoft says that an attacker could take advantage of flaws in the Windows Print Spooler service, elevate his privileges and then install programs or access data on network-connected systems.
With the Windows 10 Anniversary Update scheduled for early August, it will be interesting to see the list of patches and vulnerabilities that arrive with August’s and September’s Patch Tuesday releases.