All Versions Of Windows Hit By ‘Severe’ Security Vulnerabilities -- Remote Code Execution
Short Bytes: As a part the latest Patch Tuesday,
Microsoft released 13 security patches for all version of Windows and
other software like Microsoft Office, IE, Flash etc. Out of these, 6
vulnerabilities were rated critical and demanded immediate attention
from your side.
Windows
is hit by major vulnerabilities that affect all supported version of
Windows operating system. In its latest Patch Tuesday security bulletin,
Microsoft said that the users of Windows Vista and later should
immediately patch their systems to guard themselves against these
serious security flaws. The company provides this information to help
customers prioritize monthly security updates with any non-security
updates.The monthly release lists 13 security threats,
including 6 critical vulnerabilities for remote code execution. The
other 7 flaws deal with the denial of service, security feature
bypassing, and elevation of privileges. These vulnerabilities confirm
the outcome of a recent research that shows how more than 85% threats in Windows can be mitigated by revoking the administrative rights.
Labeled critical, MS16-009 deals with the vulnerabilities in Internet Explorer. If a user visits a specially crafted webpage using the browser, this flaw could allow remote code execution. The attacker could also gain the same user rights as the current user and install programs, view or delete data, or create new user accounts with full rights.
MS16-011 is a critical vulnerability that affects Microsoft Edge and affects the system just like MS16-009.
MS16-012 is a critical security update for Microsoft Windows PDF library. If the library improperly handles the API calls, an attacker can run arbitrary code to gain user rights.
Similar remote execution risks are posed by other threats that are patched by MS16-013, MS16-015, and MS16-022 fixes.
The list of affected software by these vulnerabilities includes Microsoft Windows (all supported versions), Microsoft Edge, Internet Explorer, Microsoft Office, Microsoft Office Services and Web Apps, Microsoft Server Software, Microsoft .NET Framework, and Adobe Flash Player.
These flaws were privately reported to Redmond and are not thought to have been exploited by attackers. You can read about these security updates in detail at Microsoft’s website.
Windows users, go patch your software!
Labeled critical, MS16-009 deals with the vulnerabilities in Internet Explorer. If a user visits a specially crafted webpage using the browser, this flaw could allow remote code execution. The attacker could also gain the same user rights as the current user and install programs, view or delete data, or create new user accounts with full rights.
MS16-011 is a critical vulnerability that affects Microsoft Edge and affects the system just like MS16-009.
MS16-012 is a critical security update for Microsoft Windows PDF library. If the library improperly handles the API calls, an attacker can run arbitrary code to gain user rights.
Similar remote execution risks are posed by other threats that are patched by MS16-013, MS16-015, and MS16-022 fixes.
The list of affected software by these vulnerabilities includes Microsoft Windows (all supported versions), Microsoft Edge, Internet Explorer, Microsoft Office, Microsoft Office Services and Web Apps, Microsoft Server Software, Microsoft .NET Framework, and Adobe Flash Player.
These flaws were privately reported to Redmond and are not thought to have been exploited by attackers. You can read about these security updates in detail at Microsoft’s website.
Windows users, go patch your software!
Comments
Post a Comment