Security News For March 2016
Microsoft Patch Tuesday or Update Tuesday is a monthly event when security patches are released by Microsoft for its software. Security updates and bulletins come out on the second Tuesday of the month. Thirteen security bulletins were released in March 2016. Five of those updates were rated critical, including security updates for Microsoft Edge and Internet Explorer web browsers. Remote code execution could have occurred without patching the vulnerabilities. Attackers who can exploit those vulnerabilities could gain a user’s rights for the system, allowing them to take control and do whatever they please, such as install programs, delete, change, or view data, or make new accounts.
Another crucial Microsoft security update is one that resolves a vulnerability in Microsoft Windows where remote code execution could occur when the operating system fails to validate input properly prior to loading particular libraries. In this case, an attack must initially access the local system to activate a malicious application. Two other vulnerabilities in Microsoft Windows are addressed in updates MS16-026 and MS16-027 where remote code execution may be allowed when a user visits a webpage that has specially crafted embedded OpenType fonts, a specially crafted PDF file, a specially crafted media content on a website, or a bait document.
The rest of the eight security bulletins were rated ‘important’, such as MS16-031, which pertains to an elevation of privilege, a vulnerability that could occur when an attacker is able to log onto a target system to run a specially made application. Microsoft urges customers to apply all these updates as soon as they can. Customers can download and install these updates through Windows Update. It is recommended to exit the programs that might be running on the computer before starting. Most updates will require a restart, which must be done right away to make sure that the updates can immediately take effect.
A crucial Microsoft security update addresses vulnerabilities in Adobe Flash Player in support editions of Windows Server 2012, Windows 8.1, Windows 10, Windows RT 8.1, and Windows Server 2012 R2. Likewise, Adobe itself released updates for certain versions of Acrobat Reader and Acrobat to address vulnerabilities that could enable an attacker to take control of a system. Three CVEs are fixed in the updates, two of which pertain to memory corruption issues, which could allow code execution, and the third pertaining to an issue in resource directory search path, which could allow code execution, too. Adobe recommends downloading and installing these updates as soon as possible to prevent your system from becoming vulnerable.