With Patch Tuesday winding down to a close, many of you might be seeing new updates available for your Windows PCs. Here’s whats new and fixed and why should apply these updates as soon as possible.
If you’re on Windows 10, Microsoft released a trove of updates and security patches last night, designed to improve the functionality of the company’s latest OS and keep users safe. Among the fixes from yesterday’s release are ones destined to improve how Edge handles caching in private mode, how IE 11 handles page rendering and so on. Luckily you’re getting all of these updates in a single package, dubbed KB3135173, which also pushes your Windows 10 version up to 10586.104.
But what of those not on Microsoft’s newest operating system? Fear not, for Microsoft has also released a number of patches for older operating systems. Included in this list is a patch designated as KB3136082, under the security bulletin MS16-018, which addresses vulnerabilities found in the Windows Kernel. This vulnerability could allow a local attacker to take advantage of the way Windows handles object in memory and run code in kernel mode. This could then allow the attacker to gain full access of the machine.
Luckily this patch fixes the vulnerability and is deemed as “Important” in Microsoft’s classification and should be installed on all machines running Windows Server 2008, Server 2012, Windows RT 8.1, Windows 8.1, Windows Vista and of course Windows 10.
Another fix on the list of patches, this time deemed “Critical” relates to the way Windows handles PDFs and API calls that applications can make to the OS. This vulnerability, which has now been patched, could allow an attacker to gain the same user rights as the current user on a machine. The patch is available for Windows Server 2012 R2, Windows Server 2012, Windows 8.1 and Windows 10.
On top of these fixes there’s also another security advisory out, related to Visual Studio projects that were made using the ASP.NET MVC5 or MVC6 project templates. These templates were discovered to have a vulnerability that could allow an attacker to steal a user’s phone number from web apps that use two-factor authentication. The templates have now been patched, but developers that have used them before should go back and change their code as per Microsoft’s instructions found here.
Other updates released yesterday are also deemed to be “Critical” but the company hasn’t yet published detailed information on them, though they’re related to Office, Flash and the company’s browsers.
All in all this has been an important Patch Tuesday with the multitude of fixes for Windows 10 users that were released, not to mention Microsoft’s decision to start publishing detailed change logs for updates once again.
As usual we recommend installing all the patches as soon as you can to keep you and your machines secure.