February 2016 Patch Tuesday Includes Critical Fixes for IE Vulnerabilities; Adobe Releases Updates for Flash Player

For this month’s Patch Tuesday, Microsoft released 13 security bulletins addressing vulnerabilities in Internet Explorer, Microsoft Windows, and Microsoft Edge among others. Out of these bulletins 6 are tagged as Critical while 7 are marked as Important.

One of the critical bulletins (MS16-009) resolves issues affecting older versions of Internet Explorer (IE 9, 10) as well as IE 11. When exploited successfully, it could lead to remote code execution thus compromising the security of the system. Last month, Microsoft announced that it will have limited support for older versions of IE, and encouraged users to upgrade to the latest version, which is currently IE 11. This highlights the importance of using the latest version of software whenever possible.

Microsoft Edge also has critical vulnerabilities which can also result to remote code execution once successfully exploited. Another notable security bulletin for this month’s cycle is MS16-015, which fixes flaws in Microsoft Office. Attackers can execute arbitrary code when they leverage these vulnerabilities.

Adobe also rolled out several patches for Adobe Connect, Adobe Experience Manager, Adobe Flash Player, and Adobe Photoshop CC and Bridge CC. Several of the bugs found in Flash Player are considered as critical vulnerabilities that may lead to attackers compromising the system or taking full control of the affected systems. As best practice, it is highly advisable to update systems with the latest patches to protect it from possible exploits.

Trend Micro solutions

Trend Micro Deep Security and Vulnerability Protection protect user systems from any threats that may leverage these vulnerabilities via the following DPI rules:

1007381 – Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS15-132)
1007405 – Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-0060)
1007406 – Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-0061)
1007407 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0063)
1007408 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0064)
1007409 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0067)
1007410 – Microsoft Internet Explorer Elevation Of Privilege Vulnerability (CVE-2016-0068)
1007411 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0071)
1007412 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0072)
1007415 – Microsoft Windows Reader Vulnerability (CVE-2016-0046)
1007416 – Microsoft PDF Library Buffer Overflow Vulnerability (CVE-2016-0058)
1007417 – Microsoft Windows Journal Memory Corruption vulnerability (CVE-2016-0038)
1007418 – Microsoft Office Memory Corruption Vulnerability (CVE-2016-0022)
1007419 – Microsoft Office Memory Corruption Vulnerability (CVE-2016-0052)
1007420 – Microsoft Office Memory Corruption Vulnerability (CVE-2016-0053)
1007421 – Microsoft Office Memory Corruption Vulnerability (CVE-2016-0054)
1007422 – Microsoft Office Memory Corruption Vulnerability (CVE-2016-0055)
1007423 – Microsoft Office Memory Corruption Vulnerability (CVE-2016-0056)
1007426 – Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS16-014)
1007427 – Microsoft Windows DLL Loading Vulnerabilities Over WebDAV (MS16-014)
1007428 – Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2016-0059)
1007429 – Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-0062)
1007430 – Microsoft .NET Framework Stack Overflow Denial Of Service Vulnerability (CVE-2016-0033)
1007431 – Microsoft Edge ASLR Bypass Vulnerability (CVE-2016-0080)