Latest Security News
Posted by Orion Network Solutions on April 16th, 2016
Keeping track of security news by Microsoft, Java, Adobe, and other vendors will help your company keep your data safe and inaccessible to third-parties. Microsoft releases monthly security updates for Windows and its other products. The overview of the February 2016 security release began with an executive summary, which lists important facts such as the release of 13 security bulletins. Six of those bulletins are identified as critical. Moreover, all Microsoft operating systems and products like Internet Explorer are affected by those security issues.
The following six bulletins are rated critical in the February 2016 Microsoft security updates:
1. MS16-022 – This resolves the flaws in Adobe Flash Player through an update of Flash libraries in Internet Explorer 10 and 11, and Microsoft Edge. The patch is for all supported versions of Windows.
2. MS16-009 – This is the monthly cumulative security fix for IE to patch 13 vulnerabilities, such as remote code execution. Microsoft will not patch versions that are older than IE 11.
3. MS16-011 – This patches six vulnerabilities in Microsoft Edge. The most severe vulnerability enables RCE when a user browses a malicious webpage.
4. MS16-012 – The update deals with the bugs in the PDF library of Microsoft Windows. The most severe but allows RCE. The update is critical for all Windows versions that have a PDF reader.
5. MS16-013 - The security update patches a Windows Journal RCE vulnerability, which pertains to a memory corruption bug. An attacker may exploit the bug successfully when a user opens a malicious Journal file.
6. MS16-015 – This update closes the holes in Microsoft Office, making it a priority on most deployment lists as it resolves seven flaws in SharePoint, Excel, and Word.
The MS16-014 (rated important) resolves other flaws and RCE in Windows where an attacker could perform remote code execution when exploiting the most severe hole. The security update addresses the bugs that can allow denial of service, elevation of privilege, and security feature bypass.
The MS16-016 is another bulletin rated important as it fixes a hole in the operating system by correcting the validation of WebDAV memory. Vulnerabilities in WebDAV could enable an elevation of privilege when an attacker uses the client to send a specially crafted input to the server. MS16-017 patches the remote desktop display driver to prevent elevation of privilege, which can occur when the attacker logs into a target system using RDP to send malicious data. However, users are not at risk when RDP is not enabled.
Java and Adobe released security updates this month, too. For Java, Oracle released security updates to address the vulnerability in Java SE versions 8, 7, and 6 for Windows. The vulnerability lets a remote attacker control the affected system. Adobe issued a crucial update for Flash Player to fix security problems. Security bulletins for Experience Manager, Flash Player, Connect, Bridge, and Photoshop recommend users to update those programs to the latest versions to avoid remote attacks and to fix vulnerabilities.
Sources: http://www.networkworld.com/article/3031653/security/microsoft-released-13-security-bulletins-for-feb-patch-tuesday-6-rated-critical.html
https://www.us-cert.gov/ncas/current-activity/2016/02/08/Oracle-Releases-Security-Updates-Java
https://blogs.adobe.com/psirt/?p=1315
http://krebsonsecurity.com/2016/02/criticial-fixes-issued-for-windows-java-flash/
About the Author:
Mike Rana is the Chief Technology Advisor of Orion Network Solutions. Orion Network Solutions specializes in providing Computer Installation, Maintenance, and Consulting services along with 24x7 help desk services for small and midsize companies. We provide network solutions that enable small businesses to not only lower their management cost but also increases employee productivity at the same low price. We offer network solution that becomes an integral part of your organization and can provide an increase in productivity of your organization.
