Microsoft fixes critical flaws in Internet Explorer and Edge

Adobe also forced to patch up Acrobat again, while Mozilla updates Firefox

Patch Tuesday

Microsoft today released 13 bulletins for March's Patch Tuesday, five of which are critical.

The latest bulletin from Microsoft details 39 unique vulnerabilities, which appear to affect all versions of Windows from Vista onwards, but thankfully there were no zero-day flaws.

The first critical fix this month is MS16-023, a cumulative update for Internet Explorer. This patch addresses 13 vulnerabilities that could cause a remote code execution which would allow a hacker to take over the targeted machine of a user visiting a malicious website.

Microsoft's new browser, Edge, has also been affected, with MS16-024 reporting 11 vulnerabilities in total, 10 of which are critical.

Advertisement - Article continues below
Advertisement - Article continues below

There are also flaws in Windows PDF library (MS16-028), namely two remote code execution vulnerabilities that could be exploited when a user opens a malicious PDF file.

Word has also been updated (MS16-029). A flaw here enables a hacker to remotely execute code on target machines. There are six other updates affecting Windows components, including Kernel-Mode Drivers, USB Mass Storage Class Driver, Secondary Logon, and OLE.

Adobe also put out a number of fixes for its products today, releasing APSB16-09 to fix three critical vulnerabilities in Adobe Reader and Acrobat.

Mozilla got on the security update action as well with the release of Firefox 45, which fixes 22 vulnerabilities in its browser.

"There are no zero-days or immediately exploitable vulnerabilities this month but apply these patches as quickly as possible anyway. We have seen attackers convert vulnerabilities into exploits quickly, often needing less than 10 days," said Wolfgang Kandek, CTO of Qualys.

Craig Young, security researcher at Tripwire, said that systems administrators will be relieved that the March bulletin is generally straightforward, as it does not contain patches for any of the typically complex environments such as Exchange and Share Point. 

Advertisement - Article continues below

"While it is still imperative that users deploy the patches as soon as possible, it is nice to see that none of the issues fixed this month were publicly disclosed or exploited ahead of the patch drop," he said.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now


internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Business strategy

Adobe shuts down service to Venezuela

9 Oct 2019
web browser

How to enable private browsing on any browser

25 Jun 2019

Most Popular

data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Microsoft Windows

Memes and Viking funerals: The internet reacts to the death of Windows 7

14 Jan 2020

Openreach offers free full-fibre installation for thousands of homes

14 Jan 2020