Microsoft has released a comprehensive security bulletin for the month of January 2016 detailing all known vulnerabilities in their products and the updates that address these vulnerabilities. A total of 13 updates have been reported, with 31 vulnerabilities addressed. The software products that this update addressed include Internet Explorer, Microsoft Edge, Microsoft Graphics Component, Microsoft XML Core Services, .NET Framework, Microsoft Office, and several others. Users and administrators are advised to patch and update their products with immediate effect.
Details of the Vulnerabilities
Microsoft has listed the following bulletins with the number of vulnerabilities in each given next to it.
- Cumulative Security Update for Internet Explorer – 6
- Cumulative Security Update for Microsoft Edge – 6
- Security Update for Microsoft Graphics Component – 4
- Security Update for Microsoft XML Core Services – 1
- Security Update for .NET Framework – 1
- Security Update for Microsoft Office – 4
- Security Update for Windows OLE – 1
- Security Update for Windows Hyper-V – 3
- Security Update for Secondary Logon – 1
- Security Update for SAM and LSAD Remote Protocols – 1
- Security Update for CSRSS – 1
- Security Update for HTTP.sys – 1
- Security Update for Adobe Flash Player – 1
Recommended Course of Action
Users of all Microsoft Products are encouraged to allow the Windows Update to be run automatically, and Update and Restart their computers in order to download and apply fixes as necessary. Administrators are encouraged to schedule updates as frequently as possible to avoid computers on their networks being compromised. For specific software products not updated with Windows Update, it is recommended that these are updated to the newest available version.
The Summary Bulletin for Microsoft’s January 2016 bulletins, numbered MS16-037 to MS16 042 and MS16-044 to MS16-050 can be found on the page https://technet.microsoft.com/en-us/library/security/ms16-Apr. This page summarises the impact of the vulnerabilities that have been addressed and highlights the updates that have been released. This page also links to the individual bulletin pages.