IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Microsoft fixes critical flaws in Internet Explorer and Edge

Adobe also forced to patch up Acrobat again, while Mozilla updates Firefox

Patch Tuesday

Microsoft today released 13 bulletins for March's Patch Tuesday, five of which are critical.

The latest bulletin from Microsoft details 39 unique vulnerabilities, which appear to affect all versions of Windows from Vista onwards, but thankfully there were no zero-day flaws.

The first critical fix this month is MS16-023, a cumulative update for Internet Explorer. This patch addresses 13 vulnerabilities that could cause a remote code execution which would allow a hacker to take over the targeted machine of a user visiting a malicious website.

Microsoft's new browser, Edge, has also been affected, with MS16-024 reporting 11 vulnerabilities in total, 10 of which are critical.

There are also flaws in Windows PDF library (MS16-028), namely two remote code execution vulnerabilities that could be exploited when a user opens a malicious PDF file.

Word has also been updated (MS16-029). A flaw here enables a hacker to remotely execute code on target machines. There are six other updates affecting Windows components, including Kernel-Mode Drivers, USB Mass Storage Class Driver, Secondary Logon, and OLE.

Adobe also put out a number of fixes for its products today, releasing APSB16-09 to fix three critical vulnerabilities in Adobe Reader and Acrobat.

Mozilla got on the security update action as well with the release of Firefox 45, which fixes 22 vulnerabilities in its browser.

"There are no zero-days or immediately exploitable vulnerabilities this month but apply these patches as quickly as possible anyway. We have seen attackers convert vulnerabilities into exploits quickly, often needing less than 10 days," said Wolfgang Kandek, CTO of Qualys.

Craig Young, security researcher at Tripwire, said that systems administrators will be relieved that the March bulletin is generally straightforward, as it does not contain patches for any of the typically complex environments such as Exchange and Share Point. 

"While it is still imperative that users deploy the patches as soon as possible, it is nice to see that none of the issues fixed this month were publicly disclosed or exploited ahead of the patch drop," he said.

Featured Resources

Meeting the future of education with confidence

How the switch to digital learning has created an opportunity to meet the needs of every student, always

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

Technology reimagined

Why PCaaS is perfect for modern schools

Free Download

Recommended

Adobe forced to patch its own failed security update
bugs

Adobe forced to patch its own failed security update

18 Feb 2022
Chrome vs Firefox vs Microsoft Edge
web browser

Chrome vs Firefox vs Microsoft Edge

8 Dec 2021
Firefox 95 boosts protection against zero-day attacks
web browser

Firefox 95 boosts protection against zero-day attacks

7 Dec 2021
Mozilla to end support for Firefox Lockwise password manager
web browser

Mozilla to end support for Firefox Lockwise password manager

24 Nov 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
Attracting and retaining talent through training
Sponsored

Attracting and retaining talent through training

13 Jun 2022
Swift exit: How the world cut off Russian banks
finance

Swift exit: How the world cut off Russian banks

24 Jun 2022