Wednesday, May 11, 2016

Patch Tuesday: all Windows holes but not only – ZDNet France

Microsoft patches fall down like rain this May: intensely. Admittedly Redmond announces corrected 36 vulnerabilities, including 8 considered critical in 16 different newsletters. Good luck for system administrators.

As we have mentioned, all Windows are affected by multiple vulnerabilities. The publisher states that users of Windows 10 and earlier versions (still supported) should apply this patch as soon as possible in order to prevent exploitation by attackers.

The flaw is located at managing images and fonts from the operating system. In total, the patch actually overcomes four Windows vulnerabilities, the most critical enabling an attacker to install malware on a vulnerable machine.

The American publisher, however, believes that this critical flaw n has not yet done so far under attack. This is the fourth time this year that a vulnerability affects all versions of the OS as support.

Remember that users of Windows XP, the extended support is finished, do not benefit ‘no security fixes for these flaws.

the rest is in keeping. As emphasized Wolfgang Kandek, CTO of Qualys’ on the top of our list of priorities is the update for Internet Explorer (MS16-051) that solves critical RCE type of vulnerability, CVE-2016-0189 in the case that is currently under fire from attacks. ”

“This vulnerability is in the JavaScript engine in Vista and Windows 2008, the engine is separate from the browser. So if you run these Windows versions (only 2% still work in Vista) you must install MS16-053, “says the expert.

It will also address MS16-054 for Office” that fixes two critical vulnerabilities in the RTF file format. They can be triggered via the Outlook preview pane without your users click the malicious file. “

Edge is not forgotten with a bulletin that addresses four critical vulnerabilities,” recognizing that none of these faults not the subject of a direct attack. “

” If you are running IIS as a web server, be interested in the MS16-058 bulletin if there is risk that attackers get the required privileges to access your systems, “says the expert

consulting shape. Conclusion:” Patch Tuesday with the most intense for a while because of threats 0-Day discussed as and their potential size, be sure to continue to monitor what happens. “

LikeTweet

No comments:

Post a Comment