Microsoft April 2016 Patch Tuesday brings 13 security bulletins including one bulletin for Adobe Flash Player, addressing a total of 29 vulnerabilities. Microsoft also addresses a crucial Zero-Day vulnerability, popularly known as Badlock, in SAM and LSAD Remote Protocols CVE-2016-0128 which allows elevation of privileges.
This month high priority fix are for Internet Explorer and Microsoft Edge which together addresses 11 out of 29 vulnerabilities.
This month 6 bulletins are rated as Critical: MS16-037 for Internet Explorer, MS16-038 for Microsoft Edge, MS16-039 for Graphic Component, MS16-040 for XML Core Services, MS16-042 for Microsoft Office and MS16-050 for Adobe Flash Player.
Critical security updates addresses security issues in Internet Explorer 9 to Internet Explorer 11, Microsoft Edge, Microsoft Graphics Component, XML Core Services, Microsoft
Office and Adobe Flash Player. All of them potentially allow Remote Code Execution. Even though .NET Framework, Windows OLE and Windows Hyper-V are marked as Important they also allow Remote Code Execution. Overall 9 out of 13 bulletins allow Remote Code Execution, hence these bulletins are of high priority for deploying patches.
The other 4 important security updates address issues in Secondary Logon, SAM and LSAD Remote Protocols, CSRSS and HTTP.sys.
Microsoft security bulletin summary for April 2016 in order of severity.
MS16-037: Vulnerabilities in Internet Explorer (3148531)
Severity Rating: Critical
Affected Software: Internet Explorer
Impact: Remote Code Execution
MS16-038: Vulnerabilities in Microsoft Edge (3148532)
Severity Rating: Critical
Affected Software: Microsoft Edge
Impact: Remote Code Execution
MS16-039: Vulnerabilities in Microsoft Graphics Component (3148522)
Severity Rating: Critical
Affected Software: Microsoft Graphics Component
Impact: Remote Code Execution
MS16-040: Vulnerabilities in Microsoft XML Core Services (3148541)
Severity Rating: Critical
Affected Software: Microsoft XML Core Services
Impact: Remote Code Execution
MS16-041: Vulnerabilities in .NET Framework (3148789)
Severity Rating: Important
Affected Software: .NET Framework
Impact: Remote Code Execution
MS16-042: Vulnerabilities in Microsoft Office (3148775)
Severity Rating: Critical
Affected Software: Microsoft Office
Impact: Remote Code Execution
MS16-050: Vulnerabilities in Adobe Flash Player (3154132)
Severity Rating: Critical
Affected Software: Adobe Flash Player
Impact: Remote Code Execution
MS16-044: Vulnerabilities in Windows OLE (3146706)
Severity Rating: Important
Affected Software: Windows OLE
Impact: Remote Code Execution
MS16-045: Vulnerabilities in Windows Hyper-V (3143118)
Severity Rating: Important
Affected Software: Windows Hyper-V
Impact: Remote Code Execution
MS16-046: Vulnerabilities in Secondary Logon (3148538)
Severity Rating: Important
Affected Software: Secondary Logon
Impact: Elevation of Privilege
MS16-047: Vulnerabilities in SAM and LSAD Remote Protocols (3148527)
Severity Rating: Important
Affected Software: SAM and LSAD Remote Protocols
Impact: Elevation of Privilege
MS16-048: Vulnerabilities in CSRSS (3148528)
Severity Rating: Important
Affected Software: Client-Server Run-time Subsystem (CSRSS)
Impact: Security Feature Bypass
MS16-049: Vulnerabilities in HTTP.sys (3148795)
Severity Rating: Important
Affected Software: HTTP 2.0 protocol stack (HTTP.sys)
Impact: Denial of Service
SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.
– Shakeel Bhat