Patch Tuesday: Desktop Focus As Microsoft Tackles Office And Edge Flaws

Microsoft has issued its monthly Patch Tuesday security update and it seems to be business as usual for the software giant.

Microsoft has released nine security bulletins that tackle the usual operating systems, browsers, and server flaws, but also included fixes for a font issue. Five updates are rated as critical while four are rated as important.

Patch Tuesday

The good news for system admins returning from their summer holidays is that as Todd Schell, Product Manager at HEAT Software pointed out, none of this month’s updates are under active exploit.

Schell recommends that admins start with MS16-095 for those systems running Internet Explorer and MS16-096 for systems utilising the newer Edge browser. The flaws here could allows for privilege escalation and remote code executions.

Schell also advises that MS16-099 for Microsoft Office should also be actioned as soon as possible. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.

Amol Sarwate, Qualys Director of Vulnerability agrees with Schell that immediate attention should be paid to the three above flaws.

Next up is MS16-097, a critical update for a Microsoft Graphics Component that addresses three vulnerabilities in Windows, Office, Skype for Business and Lync.

“MS16-097 addresses a critical issue in the handling of fonts by the windows font library,” said Sarwate from Qualys. “The windows font library has been targeted in the past as attackers can send files with specially crafted fonts or simply host them online to get users victimised. The vulnerability is critical as it too causes RCE.”

The last critical bulletin is MS16-102 which is a security update for PDF Library in Windows.

Desktop Heavy

“Interestingly, this month, all of the issues resolved are entirely in desktop deployments, so it looks like IT administrators who are responsible for the data centre machines get a break,” commented Tod Beardsley, Rapid7 Security Research Manager. “This is not to say the server operating systems are completely unaffected, of course.”

On the desktop side, things are pretty normal for this month,” added Beardsley.

Adobe meanwhile surprised industry watchers in that there is no Flash Player update (only an advisory), but APSB16-27 addresses a flaw with Adobe Experience Manager.

Other patches are for Adobe Reader and Cold Fusion.

Quiz: What do you know about cybersecurity in 2016?

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Apple, Google Mobile Ecosystems Should Be Investigated, CMA Told

CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation

3 days ago

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

3 days ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

3 days ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

3 days ago

Former Policy Boss At X, Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

3 days ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

4 days ago