Windows updates for September 2016

September 2016 Patch Tuesday: Browser security takes center stage

The September 2016 Patch Tuesday release from Microsoft includes 14 bulletins in total, seven of which were rated critical, and six of those bulletins highlight browser security issues in various forms.

For September’s Patch Tuesday release, experts said MS16-104 and MS16-105 are standard bulletins for Microsoft’s Internet Explorer and Edge browsers, respectively, and should be prioritized because they include patches for remote code execution (RCE) vulnerabilities. But these bulletins do not stand alone because the web browser is a popular attack vector.

Amol Sarwate, director of Vulnerability Labs at Qualys, Inc., noted that MS16-106, for the Microsoft Graphics Component, MS16-109, for Silverlight, and MS16-116, for the VBScript Scripting Engine, each remediate critical RCE flaws that can be exploited by coercing a victim to visit a malicious website. Additionally, MS16-117 contains critical fixes for Adobe Flash libraries contained in Internet Explorer 10 and 11 and Microsoft Edge.

Lane Thames, security research and software development engineer at Tripwire, said enterprises should note MS16-116. “The catch here is that the vulnerability, identified by CVE-2016-3375, is not fully resolved until the Internet Explorer security updates in MS16-104 are applied.”
