Microsoft fixes critical flaws in Internet Explorer and Edge

Adobe also forced to patch up Acrobat again, while Mozilla updates Firefox

Patch Tuesday

Microsoft today released 13 bulletins for March's Patch Tuesday, five of which are critical.

The latest bulletin from Microsoft details 39 unique vulnerabilities, which appear to affect all versions of Windows from Vista onwards, but thankfully there were no zero-day flaws.

The first critical fix this month is MS16-023, a cumulative update for Internet Explorer. This patch addresses 13 vulnerabilities that could cause a remote code execution which would allow a hacker to take over the targeted machine of a user visiting a malicious website.

Microsoft's new browser, Edge, has also been affected, with MS16-024 reporting 11 vulnerabilities in total, 10 of which are critical.

Advertisement - Article continues below

There are also flaws in Windows PDF library (MS16-028), namely two remote code execution vulnerabilities that could be exploited when a user opens a malicious PDF file.

Word has also been updated (MS16-029). A flaw here enables a hacker to remotely execute code on target machines. There are six other updates affecting Windows components, including Kernel-Mode Drivers, USB Mass Storage Class Driver, Secondary Logon, and OLE.

Adobe also put out a number of fixes for its products today, releasing APSB16-09 to fix three critical vulnerabilities in Adobe Reader and Acrobat.

Mozilla got on the security update action as well with the release of Firefox 45, which fixes 22 vulnerabilities in its browser.

"There are no zero-days or immediately exploitable vulnerabilities this month but apply these patches as quickly as possible anyway. We have seen attackers convert vulnerabilities into exploits quickly, often needing less than 10 days," said Wolfgang Kandek, CTO of Qualys.

Craig Young, security researcher at Tripwire, said that systems administrators will be relieved that the March bulletin is generally straightforward, as it does not contain patches for any of the typically complex environments such as Exchange and Share Point. 

"While it is still imperative that users deploy the patches as soon as possible, it is nice to see that none of the issues fixed this month were publicly disclosed or exploited ahead of the patch drop," he said.

Featured Resources

The essential guide to cloud-based backup and disaster recovery

Support business continuity by building a holistic emergency plan

Download now

Trends in modern data protection

A comprehensive view of the data protection landscape

Download now

How do vulnerabilities get into software?

90% of security incidents result from exploits against defects in software

Download now

Delivering the future of work - now

The CIO’s guide to building the unified digital workspace for today’s hybrid and multi-cloud strategies.

Download now



Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Business strategy

Adobe shuts down service to Venezuela

9 Oct 2019
web browser

How to enable private browsing on any browser

25 Jun 2019
web browser

Google Chrome vs Firefox vs Microsoft Edge

30 Apr 2019

Most Popular

digital transformation

Boston Dynamics dog-like robots sniff out bombs for Massachusetts police

26 Nov 2019
mergers and acquisitions

Xerox threatens hostile takeover after HP rebuffs $30bn takeover

22 Nov 2019
data breaches

T-Mobile data breach affects more than a million users

25 Nov 2019
Google Android

Samsung Galaxy A90 5G review: Simply the best value 5G phone

22 Nov 2019