Update or Perish! Microsoft Patch Tuesday, April 2016
Critical security updates for Microsoft Internet Explorer, Adobe Flash Player and Microsoft Edge released this month, along with others that should be deployed with care.
It’s that day of the month again! Microsoft releases security updates for its products on the second Tuesday of every month. Christened Patch Tuesday or Update Tuesday in 2003, the day sees the release of the newest security patches (software designed to update a computer program, including fixes for security vulnerabilities) for the company’s software products, including fixes for its Windows operating system and related applications.
On Patch Tuesday, April 2016, Microsoft brought out thirteen security bulletins, of which six are deemed Critical and the other seven are classified as Important (note that the availability of these updates for you depends on the Windows version you run and the other features installed). Together, they address twenty-nine unique flaws in its products.
MS16-037, the first update made available this month, is aimed at Microsoft’s Internet Explorer (IE) and prevents hackers from taking over your computer by gaining the same rights as you, the user. Such a scenario occurs when you accidentally visit a malicious web page. A similar fix for Microsoft Edge is found in bulletin MS16-038.
Particularly important for Skype for Business and Microsoft Lync, MS16-039 addresses four vulnerabilities. The update tends to cause crashes, so it is advisable to test your core line-of-business applications before deploying this patch. MS16-040, like MS16-039, fixes a remote code execution (RCE) vulnerability, in this case in Version 3.0 of MSXML Services.
Critical especially for MS Office 2007 users, MS16-042 resolves issues that could arise from mishandling of the RTF format. For users of other versions of MS Office, the threat that this update addresses carries only a lower level of risk.
The final update for this month, MS16-050, is one for Adobe Flash Player. It relates to a major security loophole in Flash that the company has been trying to address of late.
Barring MS16-041 and MS16-046, all of these updates correspond to privately reported vulnerabilities. Although some major flaws are set right by them, most of them concern businesses. Also, most of them can be safely added to your standard patch deployment schedule, as opposed to the “Patch Now” category. Beware of MS16-048 though, as it has been shown to cause the Blue Screen of Death error. It is advisable to let some time pass before deploying it.
MS16-047 addresses the much-hyped “BadLock” vulnerability, which is a man-in-the-middle type of attack. What that translates to is that the attack modifies exchanges between two parties who believe they are in direct communication with each other. Although all versions of Windows are affected, it appears to pose a lower level of threat than expected.
To verify that installation of these updates has been successful, go to Control Panel. Within it, go into the System & Security area and in the Windows Update section click “View Installed Updates”. Locate April 12 and verify that updates MS16-037 through MS16-050 are installed.