Microsoft releases 13 security bulletins – 5 critical, yikes!

Eight of the bulletins released by Microsoft resolve remote code execution vulnerabilities.

All five critical bulletins address RCE flaws. MS16-023, MS16-024, MS16-026, MS16-027, and MS16-028 cover Windows Media parsing RCE bugs, Windows PDF Library holes, and Microsoft Edge memory corruption flaws. Among the five is the fix for code execution flaws in IE, which corrects 13 memory corruption vulnerabilities. The monthly fix for Microsoft Edge is also on the list, patching 10 memory corruption flaws that could lead to code execution, as well as information disclosure bugs.

The other eight bulletins are rated a notch below critical, as “important,” and cover both RCE and EoP. Although these patches are not needed immediately, left unattended they may lead to greater problems and security errors in the future. It is best to identify which patches fit your immediate needs and which will become problematic later. For instance, MS16-030 is listed as important, yet if left unpatched a hacker could exploit the two Windows OLE memory RCE flaws, which arise when Windows OLE fails to validate user input. Unless your users are completely accurate, without fail, this should be patched.

If you would like to see the complete list of bulletins, in more detail, please visit:

http://www.networkworld.com/article/3041843/security/microsoft-released-13-security-bulletins-5-rated-critical-but-8-patching-rce-bugs.html?token=%23tk.NWWNLE_nlt_networkworld_security_alert_2016-03-09&idg_eid=b0bd995e2814d7f58c50105dd3327c12&utm_source=Sailthru&utm_medium=email&utm_campaign=NWW%20Security%20Alert%202016-03-09&utm_term=networkworld_security_alert#tk.NWW_nlt_networkworld_security_alert_2016-03-09