Microsoft released quite a few updates for the month of October. Several are affecting a wide range of software and components including Windows, Internet Explorer, Microsoft Edge, Microsoft .NET Framework, Office, Skype for Business, Lync, Office Web Apps and Adobe Flash Player.
Patch Tuesday Updates for October 2016
Web browser updates for Internet Explorer and Microsoft Edge resolve severe vulnerabilities and exploits, which include remote code execution from a specially crafted page, designed to gain user access. Microsoft video and graphics components both receive patches for vulnerabilities found that could allow an attacker to exploit and run arbitrary code.
Microsoft Office, the company’s productivity suite, which includes, Word, Excel and PowerPoint gets an update, which resolves an Office RTF remote code execution vulnerability; when the Office software fails to properly handle RTF files.
Several updates affect components in Windows at the kernel level, which is the heart of Windows, each of which grants elevation of user privileges. Other areas include the Windows Registry and Diagnostics hub. The Microsoft Internet Messaging API utilized by applications such as Lync and Skype gets an update for a vulnerability found in how objects in memory are handled.
If you still use Flash, there is also an update for that too. Since Windows 8, Microsoft started bundling the fading web technology. A security update is available that resolves vulnerabilities found. Affected platforms include Windows 8/8.1/RT, Server 2012/R2 and Windows 10.
Today’s Patch Tuesday, sees the first introduction of a new rollup methodology for patching Microsoft operating systems and products going forward. The new servicing model applies to Windows 7 Service Pack 1 and later versions, which primarily affects how IT admins responsible for deploying updates to a fleet of PCs in an organization.
Although some may say — “Wow Microsoft, that’s a lot of security issues. What’s wrong with your software!”, I have a different perspective. All software has bugs including security exploits. No exception. I personally appreciate both the transparency and investment Microsoft has put into its robust security research, update, communication and of course updates. It really does make the world a better place when you consider the billions of users who are running Microsoft products.
So, for these latest updates, the best way to get them if you’re reading this from a business machine is to remind your local IT admins to please approve all these updates on their patching system (AKA WSUS, SCCM or GFI etc…). If you’re a home user, good news is Windows Updates has probably already downloaded the patches and applied them. If you want to check, feel free to update manually by Clicking Start Menu > Settings > Update and Security. If updates are available, you will be prompted to install them.
Finally, if you are still experiencing issues upgrading to Windows 10 or the Anniversary Update; Microsoft released a comprehensive and handy piece of documentation with details for troubleshooting upgrade errors.