Microsoft closes the year with major security updates for its products

By: Khushaar Tanveer

With 2016 drawing to a close, Microsoft has released its last ‘Patch Tuesday’ update of the year. This update has by far the highest number of security updates released in a single patch. It features six critical patches, with the remaining six rated as important. It covers 34 individual flaws, all of which, if exploited, could lead to Remote Code Execution. So get ready for restarts. Do not delay deploying these patches, since three of them address vulnerabilities that have been publicly disclosed.

The critical flaws are explained in bulletins MS16-144, MS16-145, MS16-146, MS16-147, MS16-148, and MS16-154. They are said to address vulnerabilities in Windows, Internet Explorer, Edge, and Office, and more specifically the glitch Windows 10 users were facing while connecting to the internet after the last wave of patches released by Microsoft.

Marked ‘Critical’:

MS16-144

MS16-144 addresses a number of bugs in Internet Explorer. It also fixes a couple of flaws that can cause information leaks, and one that could lead to information disclosure in the Windows hyperlink object library. This patch will be included in the December monthly security update for Windows.

Here are the publicly disclosed flaws:

  • CVE-2016-7282 – a Microsoft browser information disclosure vulnerability.
  • CVE-2016-7281 – the Microsoft browser security feature bypass bug.
  • CVE-2016-7202 – a scripting engine memory corruption anomaly.

This update has been rated “Patch Now”, mainly because of the severity of the issue it is designed to fix. MS16-144 applies to all currently supported versions of IE.

MS16-145

MS16-145 fixes several of the reported bugs in Microsoft’s ‘new and improved’ Edge browser. Surprisingly, the number of reported flaws, 11, is even higher than for Internet Explorer. MS16-145 solves these critical issues:

  • Five of the usual scripting engine flaws.
  • Two memory corruption bugs.
  • A security feature bypass.

MS16-146

MS16-146 patches critical Remote Code Execution vulnerabilities in the Microsoft Graphics Component of Windows. It also fixes a Windows GDI information disclosure flaw. All of these vulnerabilities were privately reported. The patch replaces last month’s graphics component update for all Windows 10 and Server 2016 systems.

It is also the second patch in this month’s Windows Security Only or “roll-up” update.

MS16-147

MS16-147 solely addresses a vulnerability in Windows Uniscribe. The bug is said to allow Remote Code Execution if users visit a specially crafted website or open a specially crafted document. It is certainly something we don’t see every month.

For those who don’t know, the Uniscribe component is a collection of APIs that handle typography in Windows for different languages.

MS16-148

MS16-148 addresses a large number of Remote Code Execution vulnerabilities: 16 privately reported flaws in Microsoft Office. Their severity is clear from the fact that, if left unpatched, they could lead to Remote Code Execution on the target system. Here’s the list of flaws:

  • Four memory corruption bugs.
  • An Office OLE DLL side-loading problem.
  • A bug that discloses critical GDI information, along with several others.

MS16-154

The MS16-154 patch is a wrapper that remediates critical flaws in the embedded Adobe Flash Player. This is potentially the most dangerous issue if left unpatched. It is said to fix 17 problems, including one flaw that is currently being exploited in the wild. Microsoft has, surprisingly, suggested a mitigation for this issue, which is astonishing because the company usually does not do that. The workaround is to uninstall Flash completely.

Reports have been received of a zero-day vulnerability that managed to compromise 32-bit Internet Explorer systems. So, this is a critical “Patch Now” update.

It addresses:

  • Four buffer overflow bugs.
  • Five memory corruption issues that could potentially cause Remote Code Execution.

Marked ‘Important’:

MS16-149

The patch is released to resolve two privately reported issues in Windows.

  • A Windows crypto information disclosure flaw that involves object handling in memory.
  • A bug that leads to elevation of privilege in the Windows cryptography component.

MS16-149 will be added to this month’s security roll-up.

MS16-150

This is a security update for a single, privately reported vulnerability. MS16-150 concerns an issue in the Windows Kernel that could compromise user privileges. It is mainly caused by the mishandling of objects in memory.

MS16-151

MS16-151 fixes a couple of minor bugs. Both were privately reported and are estimated to cause minimal harm. One is a Win32k elevation of privilege (EoP) flaw in Windows kernel-mode drivers. The other is the Windows graphics component mishandling objects in memory.

MS16-152

MS16-152 is a security patch for the Windows Kernel that addresses a single, privately reported vulnerability, which only affects Windows 10 and Server 2016 systems. At worst, the bug is known to cause information disclosure. This patch will be bundled with the Windows monthly roll-up.

MS16-153

This patch resolves a single information disclosure flaw, also privately reported. The bug resides in a Windows driver subsystem and is triggered by updating the Common Log File System (CLFS).

MS16-155

MS16-155 repairs a .NET Framework vulnerability. Microsoft noted that the bug has been publicly disclosed but is not being exploited. It is potentially a lower-risk vulnerability and has its own update package. Therefore, it has been excluded from the Windows quality and security roll-ups.

That is everything you need to know about each security update in this year’s final Patch Tuesday. So until next year, Happy Patching.
