Microsoft Delivers Final Patch Tuesday For Windows 8

Microsoft has delivered its last Patch Tuesday for users of the Windows 8 operating system, and older versions of Internet Explorer (8, 9 and 10), issuing nine bulletins – six of which are rated as critical.

“The first Patch Tuesday of 2016 turns out to be low in numbers, but broad and packing quite a punch: six of the nine bulletins are rated critical, including the Windows Kernel and Office bulletins,” blogged Qualys CTO Wolfgang Kandek.

Patch Tuesday

“In addition some rather important products are going End-of-Life and get their last patch update today,” he added. “Microsoft is retiring support for all older browsers on each platform and will from here on only maintain the newest browser on each version of the OS.”

Kandek says that the highest priority item for system administrators is MS16-005, which addresses an issue of Remote Code Execution (RCE) on Vista, Windows 7 and Server 2008.

The second priority is MS16-004 which addresses six vulnerabilities in Microsoft Office, all capable of giving the attacker RCE. Other bulletins to look out for are Internet Explorer (MS16-001) and Microsoft Edge (MS16-002), both critical and both contain a vulnerability that would allow a hacker to gain control of a PC via a malicious webpage.

The remaining critical bulletin is MS16-006 for Silverlight.

Wolfgang Kandek later warned that this bulletin is now his highest priority update for system administrators, after Kaspersky discovered that MS16-006 is under attack in the wild.

“Kaspersky also made it clear that this vulnerability is under attack in the wild and that we are looking at a true 0-day here,” said Kandek. “This changes our priorities – we now put MS16-006 at the top of our list. Take a look at your installations, see if you have Silverlight installed and address the flaw as soon as possible.”

Qualys’ Kandek also pointed out that system admins should not forget about Adobe, which has published its updates at the same time.

User Ignorance?

This Patch Tuesday represents the final patch for the Windows 8 operating system, but not Windows 8.1.

Microsoft has been warning users for a while now that older versions of Internet Explorer will no longer be supported. Internet Explorer 7 and 8 have been officially retired. IE9 and IE10 are only maintained on some specific legacy platforms. This means that fans of Microsoft browsers will either have to use Internet Explorer 11 or the new Edge browser.

App migration specialist Camwood meanwhile is warning that 74 percent of Internet Explorer users will miss the IE support cutoff.

Its survey last week showed that three quarters (74 percent) of Internet Explorer users will not have upgraded their IE browser as of 12th January. It questioned more than 1,000 internet users on whether or not they intend to make the switch to IE 11.

More than half (56 percent) of respondents use Internet Explorer as their primary browser, yet only 26 percent will have made the switch by the end of support deadline, with 74 percent having no plans to upgrade before Tuesday 12th January.

Camwood also pointed out that 61 percent of IE users claim they have not even considered making the upgrade, despite all the publicity Microsoft has made warning of the support deadline. It seems that 13 percent of IE users are planning to make the switch at some point in the next six months.

“It’s a concern to see how many internet users are still failing to take these update deadlines seriously,” said Adrian Foxall, CEO of Camwood. “Given the number of hacking scandals and security breaches that were reported in 2015 we were hoping to see an increase in the vigilance of individuals online. Unfortunately, it appears that the majority of internet users still don’t recognise regular updates as a vital part of basic internet security.”

What do you know about web browsers? Take our quiz!