A fresh dose of Patch Tuesday updates arrived yesterday, 11 bulletins fixed a total of 52 security vulnerabilities in Windows, Internet Explorer, Edge, Office, .NET framework and an update for Adobe Flash Player. Six bulletins are rated as critical, the other five are marked as important.
MS16-092 and MS16-089 address vulnerabilities found in the Windows kernel. While the first flaw is found on all Windows and Windows Server versions, the second one only relates to Windows 10. The flaws addressed, would have allowed for the disclosure of information on the target machine.
MS16-090 addresses security flaws that would allow an attacker to elevate privileges, by taking advantage of a flaw in all Windows and Windows Server versions.
MS16-094 addresses a flaw that would allow an attacker to Windows Secure Boot and BitLocker disk encryption. If the attacker had physical access to a machine, or had remote admin privileges he could disable these security mechanisms and load executables on the target machine.
MS16-084 and MS16-085 address a myriad of flaws in Internet Explorer and the Edge browser. Between them they address 28 vulnerabilities, many of which would allow for malware infections of the PC if the user visited maliciously crafted websites.
Speaking of malware infections, MS16-093 is a cumulative update for Adobe Flash Player, that addresses 24 flaws. Those on Windows 8.1 and newer are getting this update from Microsoft but those on older versions of Windows need to install this patch manually from Adobe.
Finally, there’s MS16-087, which is a very interesting one as it basically addresses a vulnerability that allows a print server or the network to spew malware at all connected PCs. Microsoft says that an attacker could take advantage of flaws in the Windows Print Spooler service, elevate his privileges and then install programs or access data on network-connected systems.