Get your update caps on, it's that time of the month everyone! Patch/Update Tuesday came and went yesterday and Microsoft and Adobe issued their usual monthly software patches to fix various vulnerabilities.
As we all know, it's important to update your software and apply the new patches as soon as possible to prevent attackers and hackers from exploiting these holes.
Microsoft issued 14 security bulletins yesterday that patched 47 vulnerabilities including seven marked as critical.
The updates include fixes for the Internet Explorer and Microsoft Edge browsers, Microsoft Office, Microsoft Exchange Server, Microsoft Graphics Component, Silverlight, and various components of the Windows OS. They also deployed patches for the Windows PDF Library and the Adobe Flash Player.
Ten of these security holes could lead to remote code execution so it's imperative that users update immediately.
One particular update for Internet Explorer 9 through 11 and the Microsoft Edge browser, CVE-2016-3351, is extremely critical since it is a zero-day exploit, meaning the hole is already being exploited in the wild. This vulnerability is reported to be in use by attackers for embedding malicious ads in websites that lead to ransomware installations if clicked on.
The other browser patches resolve memory corruption and information disclosure vulnerabilities while the updates for Exchange Server, Silverlight, and the scripting engines prevent remote code execution.
The security updates for Microsoft Office likewise resolves memory corruption and information disclosure vulnerabilities and one patch, CVE-2016-0137, is said to be a 10-year-old issue that allows hackers to bypass the protection mechanism in the Click-to-Run components of Microsoft Office.