If you are a Windows user, there’s an important news for you. All the supported versions of Windows are affected by a very critical security vulnerability. Microsoft itself stated in its January security bulletin that users on Windows Vista to Windows 10 should patch immediately to avoid a serious loophole in the way Windows handles some files.
The vulnerability is known by code MS16-013 and allows an attacker to run arbitrary code as the user logged in, which means that this is a riskier situation for administrator accounts. One the attacker tricks the user into opening a Journal file that is specially made with malware, the attacker can then delete data, run programs, create new Administrator accounts, etc. The vulnerability also affected Windows Server 2016 Tech Preview 4, which requires patching too.
Another vulnerability called MS16-012 allows attackers to run code on a system when the user opens a booby-trapped PDF file. This vulnerability is mostly found on Windows 10 and Windows 8.1. Then there’s MS16-015 that could provide remote access to attacker for executing code when the user opens a specially-made Office file. The MS16-022 patch fixes more than twenty four separate vulnerabilities that affect Adobe Flash Player on Windows 8.1 (all versions) and above.
Another cumulative patch for Internet Explorer (MS16-009) and Microsoft Edge for Windows 10 (MS16-011) has been released. This patch fixes the flaws that could give the attacker great access to the system. All the vulnerabilities that Microsoft reported hasn’t been used by attackers yet, so that’s something to feel relieved of. More four patches have been released- MS16-014, MS16-016, MS16-017, MS16-018, MS16-019, MS16-020, and MS16-021– these address important denial-of-service issues and more.
The February patches will be released via the usual channels.