SecuritySecurity Management

Microsoft Ends 2016 With Patch Tuesday Windows 10 Fix

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

Google + Linkedin Subscribe to our newsletter Write a comment

Internet connection issues for Windows 10 users resolved in last Patch Tuesday update of 2016

Microsoft has fixed a Wi-Fi connection issue that has reportedly been plaguing Windows 10 users, in December’s Patch Tuesday security update.

The last update of 2016 sees Redmond delivering a total of 12 security bulletins, six of which are rated as ‘critical’ and six as ‘important.’

Microsoft admitted last week that some Windows 10 users had trouble connecting to the Internet. It advised users to reboot, but not shutdown their computers, to resolve the issue.

microsoftpatch0Patch Before Partying

Meanwhile back to the bulletins, it seems that one of the most noteworthy bulletins to apply before any festival celebrations can begin, is MS16-144 for Internet Explorer. At least according to Amol Sarwate, director of vulnerability research at Qualys.

Microsoft Edge browser is also patched with MS16-145, which again fixes three vulnerabilities.

Microsoft Office also gets updated (MS16-148) to prevent a user being compromised without any user interaction.

“December continues a long running trend with Microsoft’s products where the majority of bulletins (6) are dominated by remote code execution (RCE) vulnerabilities, which predominantly affect consumer applications,” noted Adam Nowak, lead engineer at Rapid7.

“These types of vulnerabilities are difficult to distinguish as they typically lure users to visit/open an e-mail, webpage or multimedia, which makes use of specially crafted content,” he warned. “Upon viewing this content (emails, webpages, etc.) a bad actor can execute malicious code and take complete control of an affected system with the same privileges of the user, this action is known as remote code execution.

“Unfortunately, consumers remain the single largest attack vector and should pay attention to the following critical remote code execution bulletins: MS16-144, MS16-145, MS16-146, MS16-147 and MS16-154.”

But he also advised system admins pay attention to critical remote code execution bulletins MS16-146 and MS16-147.

Ongoing Battle

There are no signs of any slowdown in the number of vulnerabilities being discovered as 2016 winds down to a close.

Earlier this week Symantec warned that Microsoft’s PowerShell scripting language and shell framework is increasingly being used to create malware and can be exploited as an attack vector by hackers.

And Proofpoint has also noted a new malvertising attack targeting Windows and Android devices. That attack on internet routers ensnares victim networks though legitimate websites hosting unknowingly distributed malicious advertisements.

Quiz: Are you a security pro?