Microsoft fixes critical flaws in Internet Explorer and Edge

Adobe also forced to patch up Acrobat again, while Mozilla updates Firefox

Patch Tuesday

Microsoft today released 13 bulletins for March's Patch Tuesday, five of which are critical.

The latest bulletin from Microsoft details 39 unique vulnerabilities, which appear to affect all versions of Windows from Vista onwards, but thankfully there were no zero-day flaws.

The first critical fix this month is MS16-023, a cumulative update for Internet Explorer. This patch addresses 13 vulnerabilities that could cause a remote code execution which would allow a hacker to take over the targeted machine of a user visiting a malicious website.

Microsoft's new browser, Edge, has also been affected, with MS16-024 reporting 11 vulnerabilities in total, 10 of which are critical.

There are also flaws in Windows PDF library (MS16-028), namely two remote code execution vulnerabilities that could be exploited when a user opens a malicious PDF file.

Word has also been updated (MS16-029). A flaw here enables a hacker to remotely execute code on target machines. There are six other updates affecting Windows components, including Kernel-Mode Drivers, USB Mass Storage Class Driver, Secondary Logon, and OLE.

Adobe also put out a number of fixes for its products today, releasing APSB16-09 to fix three critical vulnerabilities in Adobe Reader and Acrobat.

Mozilla got on the security update action as well with the release of Firefox 45, which fixes 22 vulnerabilities in its browser.

"There are no zero-days or immediately exploitable vulnerabilities this month but apply these patches as quickly as possible anyway. We have seen attackers convert vulnerabilities into exploits quickly, often needing less than 10 days," said Wolfgang Kandek, CTO of Qualys.

Craig Young, security researcher at Tripwire, said that systems administrators will be relieved that the March bulletin is generally straightforward, as it does not contain patches for any of the typically complex environments such as Exchange and Share Point. 

"While it is still imperative that users deploy the patches as soon as possible, it is nice to see that none of the issues fixed this month were publicly disclosed or exploited ahead of the patch drop," he said.

Featured Resources

Defeating ransomware with unified security from WatchGuard

How SMBs can defend against the onslaught of ransomware attacks

Free download

The IT expert’s guide to AI and content management

How artificial intelligence and machine learning could be critical to your business

Free download

The path to CX excellence

Four stages to thrive in the experience economy

Free download

Becoming an experience-based business

Your blueprint for a strong digital foundation

Free download

Recommended

Adobe rolls out new PayPal payment options through Adobe Commerce
e commerce

Adobe rolls out new PayPal payment options through Adobe Commerce

16 Sep 2021
Signs it’s time to upgrade your CMS
Whitepaper

Signs it’s time to upgrade your CMS

23 Aug 2021
Engaging the new digital workforce blueprint
Whitepaper

Engaging the new digital workforce blueprint

23 Aug 2021
Delivering personalised content for dummies
Whitepaper

Delivering personalised content for dummies

23 Aug 2021

Most Popular

What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
BT conducts 'world's first' trial of quantum-secure communications
Network & Internet

BT conducts 'world's first' trial of quantum-secure communications

13 Sep 2021
Google takes down map showing homes of 111,000 Guntrader customers
data breaches

Google takes down map showing homes of 111,000 Guntrader customers

2 Sep 2021