Recently the tech giant Microsoft released nine security updates to patch 34 severe security flaws in Windows, as well as the flaws which were detected, have received the status of five rated critical. The flaws could also allow an attacker to easily control your computer or laptop just by getting you to view specially-crafted PDF content in your web browser.
Microsoft Releases 9 Security Updates To Patch 34 Severe Flaws
On August the tech giant Microsoft released nine security updates, as well as the flaws which were detected, have received the status of five rated critical. The update addresses a total of 34 vulnerabilities in the declaration of Internet Explorer, Microsoft Edge, Microsoft Office 2007/2010, Skype for Business 2016, Lync, and so forth.
A security bulletins MS16-095 and MS16-096 eliminate 17 vulnerabilities in Internet Explorer and Microsoft Edge browser. The most dangerous of them could allow attackers to remotely execute arbitrary code if the user visits a specially crafted website. Through this vulnerability, an attacker can easily gain access to the system with the rights of the current user.
But, the users of Microsoft Edge browser on Windows 10 systems are at a vital risk for remote code execution (RCE) attacks through a malicious PDF file.
However, the update MS16-097 fixes three issues in the graphics component of Windows and affects all the versions of Microsoft Windows, Microsoft Office 2007/2010, Skype for Business 2016 and Microsoft Lync 2010/2013. The vulnerabilities could allow remote code execution if a user visited a specially crafted website or open a specially crafted document as we mentioned earlier.
Bulletin MS16-099 addresses a number of vulnerabilities in Microsoft Office. The most serious of them allows an attacker to remotely execute arbitrary code in the context of the current user if the victim opens a specially crafted document. This update also fixes a vulnerability that could allow bypassing the ASLR mechanism (Address Space Layout Randomization).
Finally, the MS16-102 bulletin fixes one vulnerability in the PDF-library of Microsoft Windows. This issue could allow remote code execution if a user viewed a specially crafted or malicious PDF-content online or open a specially crafted PDF-document. This can be exploited to gain system access rights of the current user.
In addition to the above, the tech giant Microsoft has corrected a number of less dangerous vulnerabilities affecting Windows Secure Boot, Windows kernel-mode drivers, authentication system, ActiveSyncProvider for Windows 10 and Windows 10 version of 1511. The operating problems could be allowed elevate privileges on the system or to disclose the sensitive data. So the users those who already upgraded their systems to Microsoft’s new operating system Windows 10 should install the latest security updates as soon as possible to stay secure.