Microsoft has released its latest Patch Tuesday update, containing 13 bulletins in total, five of which are rated as critical.

Microsoft browsers require some attention this month, after Wolfgang Kandek, CTO of Qualys, blogged that MS16-023 for Redmond’s aging Internet Explorer is ranked as the top patch.

This patch fixes 13 critical vulnerabilities, which could allow an attacker to take over the targeted machine during a visit to a malicious website. But otherwise harmless websites could also be carrying the exploit.

Microsoft's newer web browser, Edge, has also received a critical update (MS16-024) for 11 vulnerabilities, ten of which are critical. Kandek feels that security researchers have been focusing their attention on Edge, which has started to catch up with Internet Explorer in terms of the number of flaws.

Kandek also feels that MS16-029 is a must-patch, as it contains a new version of Microsoft Word, which is a common attack route used by attackers, for example through email attachments.

Other patches are for fixes to Windows Media Player (MS16-027) and the new PDF Reader for Windows 8 and up (MS16-026).

Apple Flaw

Kandek also pointed out that Apple had to move quickly, as the popular BitTorrent client “Transmission” was trojaned with a ransomware version. Apple quickly revoked its signing certificate and updated the signatures in XProtect.

“If you’re running Mac or multi-platform, you also need to know about Mac ransomware discovered just last week,” warned Russ Ernst, senior director of product management at HEAT Software.

“Dubbed ‘KeRanger’ by researchers who discovered it, KeRanger is reportedly the first fully functional ransomware seen on the OS X platform,” he noted. “The application was signed with a valid Mac app development certificate which initially allowed it to bypass Apple’s Gatekeeper. Once installed, KeRanger waits three days before connecting with command and control servers over Tor. Then, it begins encrypting files and demanding bitcoin ransom from victims.

“Apple has since fixed the problem by revoking the certificate; however, this should be a lesson to administrators that Macs are not immune to attack and everyone should be cautious about what they install,” said Ernst.


Tom Jowitt
