Patch Tuesday: Microsoft Security Bulletin Summary for April 2016

  • Post author:
  • Reading time:7 mins read

resizedfinal

Microsoft April 2016 Patch Tuesday brings 13 security bulletins including one bulletin for Adobe Flash Playeraddressing a total of 29 vulnerabilities. Microsoft also addresses a crucial Zero-Day vulnerability, popularly known as Badlock, in SAM and LSAD Remote Protocols CVE-2016-0128 which allows elevation of privileges.

This month high priority fix are for Internet Explorer and Microsoft Edge which together addresses 11 out of 29 vulnerabilities.

This month 6 bulletins are rated as Critical: MS16-037 for Internet Explorer, MS16-038 for Microsoft Edge, MS16-039 for Graphic Component, MS16-040 for XML Core Services, MS16-042 for Microsoft Office and MS16-050 for Adobe Flash Player.

Critical security updates addresses security issues in Internet Explorer 9 to Internet Explorer 11Microsoft EdgeMicrosoft Graphics ComponentXML Core ServicesMicrosoft
Office
 and Adobe Flash Player. All of them potentially allow Remote Code Execution. Even though .NET FrameworkWindows OLE and Windows Hyper-V are marked as Important they also allow Remote Code Execution. Overall 9 out of 13 bulletins allow Remote Code Execution, hence these bulletins are of high priority for deploying patches.

The other 4 important security updates address issues in Secondary LogonSAM and LSAD Remote ProtocolsCSRSS and HTTP.sys.

Microsoft security bulletin summary for April 2016 in order of severity.

MS16-037: Vulnerabilities in Internet Explorer (3148531)
Severity Rating: Critical
Affected Software: Internet Explorer
Impact: Remote Code Execution

MS16-038: Vulnerabilities in Microsoft Edge (3148532)
Severity Rating: Critical
Affected Software: Microsoft Edge
Impact: Remote Code Execution

MS16-039: Vulnerabilities in Microsoft Graphics Component (3148522)
Severity Rating: Critical
Affected Software: Microsoft Graphics Component
Impact: Remote Code Execution

MS16-040: Vulnerabilities in Microsoft XML Core Services (3148541)
Severity Rating: Critical
Affected Software: Microsoft XML Core Services
Impact: Remote Code Execution

MS16-041: Vulnerabilities in .NET Framework (3148789)
Severity Rating: Important
Affected Software: .NET Framework
Impact: Remote Code Execution

MS16-042Vulnerabilities in Microsoft Office (3148775)
Severity Rating: Critical
Affected Software: Microsoft Office
Impact: Remote Code Execution

MS16-050Vulnerabilities in Adobe Flash Player (3154132)
Severity Rating: Critical
Affected Software: Adobe Flash Player
Impact: Remote Code Execution

MS16-044Vulnerabilities in Windows OLE (3146706)
Severity Rating: Important
Affected Software: Windows OLE
Impact: Remote Code Execution

MS16-045Vulnerabilities in Windows Hyper-V (3143118)
Severity Rating: Important
Affected Software: Windows Hyper-V
Impact: Remote Code Execution

MS16-046Vulnerabilities in Secondary Logon (3148538)
Severity Rating: Important
Affected Software: Secondary Logon
Impact: Elevation of Privilege

MS16-047Vulnerabilities in SAM and LSAD Remote Protocols (3148527)
Severity Rating: Important
Affected Software: SAM and LSAD Remote Protocols
Impact: Elevation of Privilege

MS16-048Vulnerabilities in CSRSS (3148528)
Severity Rating: Important
Affected Software: Client-Server Run-time Subsystem (CSRSS)
Impact: Security Feature Bypass

MS16-049Vulnerabilities in HTTP.sys (3148795)
Severity Rating: Important
Affected Software: HTTP 2.0 protocol stack (HTTP.sys)
Impact: Denial of Service

SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.

– Shakeel Bhat

Share this article