Microsoft’s Patch Tuesdays have become a hot subject among professional and regular users. Some of the updates have triggered lots of discussions, due to issues that have appeared after the update process. Nonetheless, updates are not to be overlooked – security patches, in particular, are crucial to the health of the system.
Apropos, the first Patch Tuesday for 2016 contains 9 security bulletins, 6 of which are rated critical and 3 important. We also noticed that the bulletin numbers run from MS16-001 to MS16-010, with MS16-009 skipped.
According to Microsoft, both upcoming security and non-security updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require update KB 2919355.
What Is KB 2919355?
This update is a cumulative update that includes the security updates and the non-security updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 that were released before March 2014. In addition to previous updates, it includes features such as improved Internet Explorer 11 compatibility for enterprise applications, usability improvements, extended mobile device management, and improved hardware support.
Also, note that when the KB 2919355 update is installed, the following updates are also included in the installation:
- KB 2932046;
- KB 2937592;
- KB 2938439;
- KB 2934018;
- KB 2959977.
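A quick way to check this prerequisite on a host, as an added example that is not from Microsoft or from the original article: it queries installed updates with Get-HotFix and reports which of the KBs listed above are absent. The helper name Get-MissingPrerequisite is hypothetical, and the script assumes PowerShell 3.0 or later.

```powershell
# Added example; the KB numbers are the ones listed on this page.
$PrerequisiteKb = 'KB2919355'
$CompanionKbs   = 'KB2932046', 'KB2937592', 'KB2938439', 'KB2934018', 'KB2959977'

# Hypothetical helper: returns the IDs in $RequiredIds that are absent from $InstalledIds.
function Get-MissingPrerequisite {
    param(
        [Parameter(Mandatory)] [string[]] $RequiredIds,
        [string[]] $InstalledIds = @()
    )
    $RequiredIds | Where-Object { $InstalledIds -notcontains $_ }
}

# Windows RT 8.1, Windows 8.1 and Windows Server 2012 R2 all report OS version 6.3.x.
$osVersion = (Get-CimInstance -ClassName Win32_OperatingSystem).Version
if ($osVersion -notlike '6.3.*') {
    Write-Output "OS version $osVersion: this check applies only to Windows RT 8.1, Windows 8.1 and Windows Server 2012 R2."
}
else {
    # Get-HotFix returns one object per installed update; HotFixID looks like 'KB2919355'.
    $installed = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
    $required  = @($PrerequisiteKb) + $CompanionKbs
    $missing   = @(Get-MissingPrerequisite -RequiredIds $required -InstalledIds $installed)

    if ($missing -contains $PrerequisiteKb) {
        Write-Warning "$PrerequisiteKb is missing; install it before applying later updates."
    }
    elseif ($missing.Count -gt 0) {
        Write-Warning "$PrerequisiteKb is present, but these companion updates are not listed: $($missing -join ', ')"
    }
    else {
        Write-Output "$PrerequisiteKb and all companion updates are installed."
    }
}
```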
Now, let’s dive into the updates and see what they are all about.
Jan 12 Patch Tuesday Critical Updates
MS16-001: Security Update for Internet Explorer (KB 3124903)
This security update resolves several reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage in Internet Explorer.
Two non-security related updates are included in MS16-001:
- KB 3123303 – described as ‘the new end of life notification for Internet Explorer’
- KB 3135236 – described as ‘Proxy connection leaks when you open an SSL page in Internet Explorer 11 or Internet Explorer 10’
MS16-002: Cumulative Security Update for Microsoft Edge (KB 3124904)
This security update resolves vulnerabilities in Microsoft Edge. The vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
This cumulative update is also known as KB 3124904. According to its official description, it serves to resolve vulnerability issues in Edge.
MS16-003: Cumulative Security Update for JScript and VBScript to Address Remote Code Execution (KB 3125540)
This security update resolves a vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
MS16-004: Security Update for Microsoft Office to Address Remote Code Execution (KB 3124585)
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
As pointed out by Microsoft, this security update resolves the vulnerabilities by correcting the way MS Office handles objects in memory, making sure that MS SharePoint correctly administers ACP configuration settings, and helping MS Office to implement the Address Space Layout Randomization (ASLR) security feature.
MS16-005: Security Update for Windows Kernel-Mode Drivers to Address Remote Code Execution (KB 3124584)
This security update is rated Critical for all supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2; it is rated Important for all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows 10 Version 1511. For more information, see the Affected Software section of Microsoft's bulletin. The security update addresses the vulnerabilities by correcting how Windows handles objects in memory.
MS16-006: Security Update for Silverlight to Address Remote Code Execution (KB 3126036)
This security update resolves a vulnerability in Microsoft Silverlight. The vulnerability could allow remote code execution if a user visits a compromised website that contains a specially crafted Silverlight application. An attacker would have no way to force users to visit a compromised website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email or instant message that takes users to the attacker’s website.
Learn More about This Update and the Potential Risk of Silverlight Exploits:
Are Silverlight Zero-Days the New Flash Vulnerabilities?
Jan 12 Patch Tuesday Important Updates
MS16-007: Security Update for Microsoft Windows to Address Remote Code Execution (KB 3124901)
The security update addresses vulnerabilities, the most severe of which could allow remote code execution, by:
- Correcting how Windows validates input before loading DLL files;
- Correcting how Microsoft DirectShow validates user input;
- Enforcing the default setting of not allowing remote logon for accounts without passwords.
MS16-008: Security Update for Windows Kernel to Address Elevation of Privilege (KB 3124605)
The vulnerabilities this update addresses could allow elevation of privilege if an attacker logs on to an affected system and runs a crafted application.
MS16-010: Security Update in Microsoft Exchange Server to Address Spoofing (KB 3124557)
This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow spoofing if Outlook Web Access (OWA) fails to properly handle web requests and to sanitize user input and email content.
We will keep you posted if any of those critical and important updates raise questions or cause issues.