Yesterday’s Patch Tuesday updates fix four zero-day flaws

Microsoft’s security update yesterday for Patch Tuesday dealt with a large number of critical flaws, including four zero-day exploits. The update included 10 security bulletins which spanned 49 different vulnerabilities.

Six of those bulletins are concerning remote code execution vulnerability, five of which are rated as Critical updates. ZDNet notes that four of the flaws are zero-day exploits, or “previously unknown bugs that were being exploited in the wild.”

The most critical vulnerabilities were among the following security bulletins:

  • Microsoft Security Bulletin MS16-118 – Critical – This vulnerability allowed for remote code execution if a user viewed a “specifically crafted webpage using Internet Explorer.
  • Microsoft Security Bulletin MS16-119 – Critical – The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge.
  • Microsoft Security Bulletin MS16-120 – Critical –This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, Silverlight and Microsoft Lync. The most serious of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document.
  • Microsoft Security Bulletin MS16-122 – Critical – The vulnerability could allow remote code execution if Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user
  • Microsoft Security Bulletin MS16-127 – Critical – This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.

Yesterday’s update fixes a number of critical flaws so if you haven’t downloaded it yet, head over to Start > Settings > Update & Security and click Check for Updates. The nature of this remote code execution exploits also reinforces the danger of clicking links in either random, or phishing scam type of messages, or opening unsafe attachments for that matter. So stay safe out there and remember to pause and think before you click!

Share This
Further reading: , ,

Are you concerned by the number of zero-day exploits addressed in yesterday's patch?