Remote Code Execution: All Versions Of Windows Hit By ‘Severe’ Security Vulnerabilities

Short Bytes: As part of the latest Patch Tuesday, Microsoft released 13 security patches for all versions of Windows and other software such as Microsoft Office, IE, and Flash. Of these, 6 vulnerabilities were rated critical and demand your immediate attention.

Windows has been hit by major vulnerabilities that affect all supported versions of the operating system. In its latest Patch Tuesday security bulletin, Microsoft said that users of Windows Vista and later should patch their systems immediately to guard against these serious security flaws. The company provides this information to help customers prioritize monthly security updates alongside any non-security updates.

The monthly release lists 13 security threats, including 6 critical vulnerabilities that allow remote code execution. The other 7 flaws involve denial of service, security feature bypass, and elevation of privilege. These vulnerabilities confirm the outcome of recent research showing that more than 85% of threats in Windows can be mitigated by revoking administrative rights.

Labeled critical, MS16-009 deals with the vulnerabilities in Internet Explorer. If a user visits a specially crafted webpage using the browser, this flaw could allow remote code execution. The attacker could also gain the same user rights as the current user and install programs, view or delete data, or create new user accounts with full rights.

MS16-011 is a critical update for Microsoft Edge; the vulnerability it addresses affects the system just like the one in MS16-009.

MS16-012 is a critical security update for the Microsoft Windows PDF library. If the library improperly handles API calls, an attacker can run arbitrary code to gain user rights.

Similar remote code execution risks are posed by the threats patched by the MS16-013, MS16-015, and MS16-022 fixes.

The software affected by these vulnerabilities includes Microsoft Windows (all supported versions), Microsoft Edge, Internet Explorer, Microsoft Office, Microsoft Office Services and Web Apps, Microsoft Server Software, Microsoft .NET Framework, and Adobe Flash Player.

These flaws were privately reported to Redmond and are not thought to have been exploited by attackers. You can read about these security updates in detail at Microsoft’s website.