windows vulnerability

This large flaw may provide hackers the opportunity needed to conduct arbitrary code execution.

Although the month was light on critical security patches, there was a serious vulnerability that reportedly affected all versions of the Windows platform.

Microsoft’s latest security bulletin release, dubbed ‘Patch Tuesday’, advised that users on Windows Vista or later, including Windows 10, need to patch right away to avoid serious flaws in how the system operates and handles specific files.

This critical vulnerability is referred to as MS16-013, and it may allow hackers to conduct arbitrary code execution in the context of the logged-in user, with administrators being most at risk. The attacker has to get the user to open a specially crafted journal file that gives the hacker access to the system. They will then be able to open programs, create new accounts, and even delete information as the administrator.

The vulnerability also affects Windows Server 2016 Tech Preview 4. On a positive note, Microsoft stated they were not aware of the flaw being taken advantage of by any attackers.

Microsoft also launched three additional patches for critical flaws that impacted both Windows and Office software.

The MS16-012 patch addresses flaws that can allow hackers to take control of affected systems and run code on them. The user would have to be tricked into opening specially crafted PDF files, with those using Windows 8.1 and Windows 10 being most at risk. The flaw had been reported to Microsoft privately, so there is no reason to believe any attacker has taken advantage of it at this time.

Meanwhile, MS16-015 corrects various memory corruption flaws in Microsoft Office that allow attackers to execute code remotely once the user opens a specially crafted Office file. The attacker would then have the same system access as the logged-in user. These flaws were also reported privately, with the exception of a SharePoint cross-site scripting issue that was disclosed publicly.

Then there is MS16-022, which patches over two dozen different flaws and vulnerabilities associated with Adobe Flash Player for Windows 8.1 and higher.

Along with their monthly bulletins, Microsoft also released a cumulative patch for IE, referred to as MS16-009. Windows 10 users have a patch for Edge as well, called MS16-011.

Of all these, the more serious vulnerabilities allow hackers to take advantage of how both the IE and Edge browsers handle various objects in memory and parse HTTP responses. Fortunately, these too were reported privately to Microsoft and show no signs of attackers taking advantage of them.

Four more patches were released as well, covering issues rated ‘important’, such as denial of service and elevation of privilege.

You will be able to use the regular update channels for February’s patches.
