Microsoft patches 5 Critical security issues in Windows, Office; some were being exploited


#Microsoft #OfficeMicrosoft patches 5 Critical security issues in Windows, Office; some were being exploited : Every month Microsoft publishes a large number of fixes, improvements and patches for its software, on a day known as Patch Tuesday.

As part of that, Microsoft released Windows 10 build 14393.321 via a cumulative update last night. We’ve already seen the numerous features and improvements that are part of the package, but here’s whats new in terms of security.

On Tuesday, Microsoft released 10 patches for its Windows operating systems, Office suite and other important pieces of software. Out of those, five were deemed to be critical, and at least two exploits were already being used in the wild. Here they are:

MS16-118 addresses vulnerabilities in different versions of Internet Explorer. These could allow for remote code execution and escalation of privileges if the user viewed a maliciously crafted webpage. One of the vulnerabilities fixed herein allowed for an attacker to verify the presence of a specific file on the system thanks to an information disclosure flaw. This was being exploited in the wild.

MS16-119 fixed similar flaws for the Edge browser, where a vulnerability could allow for escalation of privileges and remote code execution. The update hits on a number of different levels, changing how Edge and its Javascript engine handle objects in memory, restricting what information Edge can call on, changing how the browser stores credentials and so on.

MS16-120 is another critical flaw, related to the Microsoft Graphics Component. This affected all versions of Windows, Office 2007 and 2010, Skype for Business 2016, Silverlight and Lync 2013 and 2010, as well as .NET.

If a user visited a malicious website it could trigger remote code execution. The flaw could also be exploited by opening a specially-designed file. Some of the vulnerabilities patched here were already being exploited in the wild.