December 2016’s Patch Tuesday has rolled out some crucial security updates, like KB3204059, the cumulative security update for Internet Explorer. This update is also known as MS16-44, and it should definitely be prioritized by IT administrators as it patches remote code execution vulnerabilities in the browser.
Remote Code Execution Flaws Explained
Shortly said, the ability to trigger arbitrary code execution from one computer on another (mostly via the Internet) is widely known as remote code execution. Again, what enable attackers to execute malicious code and gain control over the compromised system is vulnerabilities such as KB3204059.
Once the system is under the attackers’ control, they can elevate their privileges. That being said, the best way to prevent remote code execution attacks is by never allowing vulnerabilities to be exploited. Unfortunately, remote code execution flaws are very often favored by attackers, and that is what makes keeping your operating system up-to-date crucial.
KB3204062, Cumulative Security Update for Microsoft Edge
That’s another crucial patch from December 2016’s Patch Tuesday. It also addresses remote code execution flaws. Another critical patch is KB3204066, or the critical security update for Microsoft Graphics Component. Attacks based on these flaws urge the user to visit malicious websites or open a compromised document.
Then we have MS16-147 that addresses security vulnerabilities in Windows Uniscribe. Microsoft Office customers should prioritize MS16-148, which patches MS Office, Office Services, and Web Apps.
Needless to say, critical updates should be installed as soon as possible.