Microsoft Patch Tuesday Update Tackles Exploited Flash And IE Flaws

Microsoft has issued 16 patches in May’s Patch Tuesday update, including eight which are rated as critical. It has warned some of the zero day flaws are being actively exploited by attackers in the wild.

“A full third of the vulnerabilities in May’s release are patched in Adobe Flash,” said Karl Sigler, Threat Intelligence Manager at Trustwave. “Since Flash is embedded in Microsoft’s IE and Edge browsers, Microsoft started including Adobe patches as a part of their own patch cycle last month.

“These vulnerabilities in Flash are rated Critical and it’s surely just a matter of time before they get imported into popular Exploit Kits. The final Critical bulletins are being patched in MS Office, various Windows components like Microsoft Graphics Component and one rather troubling critical RCE in Windows Shell.”

Patch Tuesday

He urged system admins to pay attention to the MS16-065 bulletin, which while only rated as important, provides an update for .NET Framework. It patches a flaw that could permit a man in the middle attack on SSL/TLS traffic that can allow for full decryption of an existing session.

Qualys CTO Wolfgang Kandek meanwhile feels that the most pressing update for system administrators responsible for Microsoft software is the update for Internet Explorer (MS16-051). This tackles a remote code execution (RCE) flaw that is currently under attack in the wild.

MS16-054 for Office is another RCE exploit and the update addresses two critical vulnerabilities in the RTF file format that can be triggered through the Outlook preview pane without users actually clicking on the malicious file.

Microsoft’s Edge browser has also been patched with MS16-052, which deals with four critical vulnerabilities that could allow RCE if a user views a specially crafted webpage using the Edge browser.

MS16-055 meanwhile a patch for the graphical subsystem in Microsoft Windows, that is also a critical flaw that could allow RCE.

Other bulletins to be aware of are MS16-057 (Windows Shell); MS16-062 (Windows Kernel drivers); and MS16-056 and MS16-059 (Windows Journal and Windows Media Center respectively).

ImageMagick Flaw

Qualys’s Kandek also took the opportunity to warn of another vulnerability that affects the popular open source program ImageMagick. He said the flaw is currently under active attack on the Internet and allows for remote code execution through image uploads.

“This one of more intense Patch Tuesdays in a while, including a 0-day advisory for Adobe Flash,” said Kandek. “But I’m going to reiterate the urgency of another vulnerability that might have slipped you by.”

“The popular open source program ImageMagick is currently under active attack on the Internet. At the moment no patch is available, but a workaround has been published that neutralizes current attacks. We recommend the same thing the attackers are doing: scan your infrastructure for occurrences of ImageMagick and then apply the workaround in the policy.xml file.”

Are you a security pro? Try our quiz!