Routine fixes for Office and web browsers, but no flaws are being actively exploited in the wild
Microsoft has released 11 updates in total, six of which are rated as critical. Adobe meanwhile patched 52 vulnerabilities for its products.
Todd Schell of HEAT Software explained that none of Microsoft’s 40 vulnerabilities patched this month are under active attack, which is a bit of good news for system administrators.
But he warned that the top priority has to be Adobe’s patches.
“While this was one of the biggest updates made by Adobe this year, it thankfully does not include any active exploits. If you’re still using Flash Player regardless of OS, definitely get this update made first. There are also updates for Acrobat and Reader so if you use those tools, be sure to update those too using APSB16-26.”
Schell reckons that the priority for the Microsoft updates should be MS16-087, which fixes two flaws in Windows Print Spooler which could allow remote code execution via a man in the middle attack. His next critical update is MS16-086, which fixes a problem with JScript and VBScript in Vista and Server 2008.
“Overall, it is a quiet month from an attack perspective so you are best served to use this time to take a close look at all the bulletins and update your older systems,” said Schell.
Amol Sarwate, director of vulnerability research at Qualys meanwhile recommends that system admins should also pay attention to MS16-088 for Microsoft Office, as a flaw could allow remote code execution if a user opens a specially crafted Microsoft Office file.
Qualys Sarwate also warned system administrators to pay attention to the Adobe fixes.
Unfortunately, Adobe’s Flash player suffers frequent security problems, and its widespread presence in web browsers has made it an attractive target for online criminals.
Last month Adobe had to push out an update to fix a critical flaw that computer security experts had warned was being exploited in attacks since March.