Happy Holidays, everyone! If you are a regular reader of Komando.com, you should know by now that Microsoft issues a set of cumulative updates once a month. This day, which usually falls on the second Tuesday of each month, is unofficially called Patch or Update Tuesday by tech fans and savvy Windows PC users alike.
It's not exactly a big red-letter day for the tech industry but IT professionals and regular consumers mindful of computer security are always eager to know what each Patch Tuesday brings. These updates usually contain bug fixes, security patches and malware database refreshes for supported Windows operating systems and a slew of Microsoft software products.
December 2016 Microsoft Updates
We recommend that you check this month's Microsoft's patches as soon as possible since they close three publicly disclosed vulnerabilities. Although being publicly known does not necessarily mean that these flaws are being actively exploited, it does give hackers a head start.
MS16-144 addresses bugs in Internet Explorer, which can allow remote code execution. Three of these flaws are publicly known:
CVE-2016-7282 – a browser information disclosure vulnerability
CVE-2016-7281 – a browser security feature bypass bug
CVE-2016-7202 – a scripting engine memory corruption vulnerability
MS16-145 is a Microsoft Edge update that patches flaws in object handling in memory that can lead to remote code execution. Similar to the Internet Explorer flaws, three of these are publicly disclosed:
CVE-2016-7206 and CVE-2016-7282 - a browser information disclosure vulnerability
CVE-2016-7281 - a browser security feature bypass bug
MS16-146 fixes holes in Windows Graphics Components that can lead to remote code execution and information disclosure.
MS16-147 patches a remote code execution hole in Microsoft Uniscribe's object handling in memory.
MS16-148 is a cumulative update to fix security flaws in Microsoft Office, which can lead to remote code execution. These whopping 16 vulnerabilities include memory corruption bugs, security feature bypass flaws, Office information disclosure and an elevation of privilege bug in Microsoft AutoUpdate.
The most critical of this set of updates is MS16-154 which patches 17 flaws including a fix for a zero-day exploit. As you may well know, zero-day vulnerabilities are previously unknown software exploits that are already being used by hackers even before the software makers are made aware of them, so make sure you apply this patch especially if you're still using Adobe Flash.
A small update in this batch is not a security patch but a software fix that may interest quite a few users. This update, KB3206632, fixes a Wi-Fi connection issue reported for Windows 10.
Adobe Patch Tuesday
Similar to Microsoft's update cycle, Adobe also has their own Patch Tuesday for patching and fixing flaws in their software products.
Other critical Adobe Flash patches include buffer overflow and memory corruption vulnerabilities, which can all lead to remote code execution.
How to update Windows
Most Windows machines are set to download and install updates automatically by default. If you haven't changed your automatic update settings then you should be fine.
But if you want to check, here's how:
On Windows 10, click Start (Windows logo), choose "Settings," select "Update & Security," then on the "Windows Update" section, click on "Advanced Options." (Note: the "Windows Update" section is also handy for showing you updates that are currently being downloaded or applied.) Under "Advanced Options," just make sure the drop down box is set to "Automatic."
If you have an older Vista or Windows 7 system, check out our tips on how to set up and check Windows Updates.
For Chrome, Internet Explorer 11, and Microsoft Edge browsers, the updates should be applied automatically after a restart. For other browsers, you may need to update the Flash plugin manually.
--> Click here to use our Adobe Flash Update Tool guide for download and install instructions.
The latest Flash Player version for Windows, Mac, Chrome, Microsoft Edge and Internet Explorer 11 and Linux is 220.127.116.11.