Microsoft Releases May 2016 Security Updates for Windows, Office, Edge Browser
May 12, 2016
Shah Sheikh (1294 articles)

Microsoft Releases May 2016 Security Updates for Windows, Office, Edge Browser

Microsoft has released this month’s Patch Tuesday updates to fix vulnerabilities in a wide array of software solutions, including Windows, Internet Explorer, Edge browser, and the Office productivity suite.

There are 8 critical security updates this month, one of which is provided by Adobe and meant to fix vulnerabilities in Flash Player, but which Microsoft ships as part of its Patch Tuesday cycle via Windows Update in order to patch address flaws in IE and Edge browser.

All critical updates are aimed at correcting Remote Code Execution vulnerabilities that require users to manually open a compromised website or document in order to enable the attacker to obtain the same privileges as the logged-in Windows user.

MS16-051 and MS16-052 are two of the critical security updates that are specifically aimed at Internet Explorer and Microsoft Edge browsers, bringing fixes on all Windows versions currently supported by Microsoft. The company recommends everyone to deploy them as soon as possible, especially if using these browsers on a daily basis.

MS16-053 is a cumulative update for Jscript and VBScript, while MS16-054 brings Office improvements for both the desktop productivity suite, but also for Microsoft Office Services and Web Apps.

Prioritize the IE patch

Microsoft’s Graphics Component gets patched with MS16-055, while MS16-056 brings security fixes for Windows Journal. Lastly, MS16-057 is a security update for Windows Shell that protects users against a vulnerability which involves forcing the user to browse to a specially crafted website that accepts user-provided online content or to open content distributed via email or other methods.

The first patch that needs to be installed in MS16-051, which patches a critical RCE vulnerability that’s already being exploited in the wild.

Wolfgang Kandek, CTO of Qualys, says that “the vulnerability is in the JavaScript engine and in Vista and Windows 2008 the engine is packaged separately from the browser, so if you run these variants of Windows (only 2% still run on Vista) you need to install MS16-053.”

Overall, this Patch Tuesday rollout addresses more than 100 flaws in Microsoft’s software solutions and services, so it’s critical for customers to install them as soon as possible.

Source | SoftPedia