Yesterday Microsoft released the latest version of Windows 10 to everyone, in the form of an update that bumps the OS version number up to 10586.494. While this update provides a number of fixes and feature improvements for Windows 10, it also brings important security patches, including six that are rated “critical”.
Being part of Patch Tuesday, yesterday’s update rollout addresses security flaws in the Windows kernel, the Edge browser, the way BitLocker works and the way Windows handles printer drivers. All in all 52 vulnerabilities were addressed by this recent wave of patches, the vast majority of which allowed for remote code execution on affected machines.
While you can find the full list of vulnerabilities addressed by Microsoft here, you can check out the highlights of this Patch Tuesday below:
- MS16-092 and MS16-089 address vulnerabilities found in the Windows kernel. While the first flaw is found on all Windows and Windows Server versions, the second one only relates to Windows 10. The flaws addressed, would have allowed for the disclosure of information on the target machine.
- MS16-090 addresses security flaws that would allow an attacker to elevate privileges, by taking advantage of a flaw in all Windows and Windows Server versions.
- MS16-094 addresses a flaw that would allow an attacker to Windows Secure Boot and BitLocker disk encryption. If the attacker had physical access to a machine, or had remote admin privileges he could disable these security mechanisms and load executables on the target machine.
- MS16-084 and MS16-085 address a myriad of flaws in Internet Explorer and the Edge browser. Between them they address 28 vulnerabilities, many of which would allow for malware infections of the PC if the user visited maliciously crafted websites.
- Speaking of malware infections, MS16-093 is a cumulative update for Adobe Flash Player, that addresses 24 flaws. Those on Windows 8.1 and newer are getting this update from Microsoft but those on older versions of Windows need to install this patch manually from Adobe.
- Finally, there’s MS16-087, which is a very interesting one as it basically addresses a vulnerability that allows a print server or the network to spew malware at all connected PCs. Microsoft says that an attacker could take advantage of flaws in the Windows Print Spooler service, elevate his privileges and then install programs or access data on network-connected systems.
As usual, we recommend you install these updates as quickly as possible and take advantage of the important security work that Microsoft and its partners are doing.