Microsoft patches for the months of May and
June 2016 addressed and fixed a lot of vulnerabilities. In May alone, 16
bulletins were released—and eight of these were rated critical, including
MS16-051 (cumulative security update for Internet Explorer), which addresses a
security bypass vulnerability in the UMCI (user mode code integrity) component
of the device guard when code integrity is not validated properly. Likewise, it
addressed vulnerabilities like the scripting engine memory corruption,
Microsoft Browser memory corruption, and Internet Explorer information
disclosure.
May 2016 patching has provided security
updates for VBScript and Jscript as well as for Microsoft Office,
which previously showed vulnerabilities in memory and graphics RCE corruption.
A security update was released for Microsoft Graphics Component regarding
information disclosure and Direct3D use after free vulnerabilities. A critical
update addressed the memory corruption in Windows Journal, and the remote code
execution in Windows Shell, too.
Patch Tuesday for June 2016 has some
similarities to the updates provided by Microsoft in the past several months,
with 17 bulletins and 36 CVEs, and additional 37 CVEs in Adobe Flash. Six
bulletins were ranked critical, while the others were considered important.
Under the critical updates were Edge and Internet Explorer. Microsoft DNS
server has a critical bulletin, which could be risky with a publicly released
exploit.
The biggest concern is in Adobe Flash, which
is embedded in Internet Explorer and Edge. Adobe has been part of Microsoft
patches since April. In May, 17 critical vulnerabilities were patched, and in
June, 37 issues were addressed.
Goodbye, QuickTime
In April 2016, Apple confirmed QuickTime's
end of life in Windows after 11 years of being supported by that OS. Apple will
stop issuing patches and updates for the PC version of its multimedia software.
Hence, it is best to remove the software from Windows computers or use it at
your own risk.
Trend Micro discovered two new flaws in
QuickTime 7 for Windows. Apple allegedly knew of these security threats in
November 2015 but had no plans to provide a patch, adding that the software
would deprecate on Windows. The vulnerabilities included QuickTime playing an
infected file or directing the user to a malicious website, making computers
vulnerable to remote code execution.
Other hacking news you should be aware of
Certain vulnerabilities in your computer and
applications could put your business at risk. Hence, it makes sense to always
apply patch updates when they become available. One of the latest hacking
incidents occurred with The Clinton Foundation, which was said to have been
hacked by Russians. Attacks on the network of the foundation and those of
Hillary Clinton's campaign and the Democratic Party caused a stir in the world
of digital security.
About
the Author:
Mike Rana is the Chief Technology Advisor of
Orion Network Solutions. Orion Network
Solutions specializes in providing Computer Installation,
Maintenance, and Consulting services along with 24x7 help desk services for
small and midsize companies. We provide network solutions that enable small
businesses to not only lower their management cost but also increases employee
productivity at the same low price. We offer network solution that becomes an
integral part of your organization and can provide an increase in productivity
of your organization.
No comments:
Post a Comment