Security Bulletin Deals With Critical Issues On Microsoft Products

Over forty vulnerabilities were fixed by Microsoft in its products recently. These vulnerabilities include critical issues on Internet Explorer, Windows, Office and Edge.

Sixteen security bulletins, with six considered critical, were covered in the recent fix. The last six months saw a total of over 160 security bulletins issued by Microsoft, which is the biggest for a six-month period in the last ten years. It is necessary for companies using Windows servers to prioritize a patch for a critical remote code execution vulnerability for the Microsoft DNS Server component. The fix is covered under the MS16-071 bulletin.

The vulnerability can be exploited by attackers though a specially-designed DNS request to servers running Windows Server 2012 and Server 2012 R2.

Qualys CTO Wolfgang Kandek revealed in a blog post that the effect of the vulnerability is extremely troublesome since it affects a mission critical service like DNA. The post added that companies using the same machine for the Active Directory and DNS server will have to be more aware of the risk involve in the vulnerability.

Security Bulletin Deals With Critical Issues On Microsoft Products

Security Bulletin Deals With Critical Issues On Microsoft Products - image credit: Bloomberg.com

Users should also consider the critical bulletin for Edge and Internet Explorer crucial since they involve flaws in the remote execution code. These flaws can be exploited when a specially designed website is visited. The critical bulletin for Edge and Internet Explorer are MS16-068 and MS16-063, respectively.

The security bulletin, MS16-070, for Microsoft Office should also be considered important since Office Suite applications are typically targeted by attackers using malicious email attachments.

Kandek considers the remote code execution flaw as the most important vulnerability in the security bulleting for MS Office. The flaw is monitored as CVE-2016-0025 and is based on the RTF format of MS Word. He said a simple e-mail can trigger the flaw since an RTF can be used to attack the preview pane of MS Outlook.

While ten security bulleting were considered important, it is necessary for companies to evaluate these bulletins based on their own environments since some of them may be considered essential for some of their assets.

Posted by on Wednesday June 15 2016, 12:41 PM EST. All trademarks acknowledged. Filed under Technology. Comments and Trackbacks closed. Follow responses: RSS 2.0

Comments are closed

Featured Press Releases

Log in