Cisco Blogs
Share

Microsoft Patch Tuesday – April 2016

- April 12, 2016 - 2 Comments

Patch Tuesday for April has arrived with Microsoft releasing their latest monthly set of security bulletins to address security vulnerabilities in their products. This month’s release contains 13 bulletins relating to 31 vulnerabilities. Six bulletins address vulnerabilities rated as critical in Edge, Graphic Components, Internet Explorer, XML Core Service, Microsoft Office and Adobe Flash Player. The remaining seven bulletins address important vulnerabilities in Hyper-V, Microsoft Office and other Windows components.

Bulletins Rated Critical

Bulletins MS16-037 through MS16-040 and bulletins MS16-042, MS16-050 are rated as critical in this month’s release.

MS16-037 is related to six vulnerabilities in Internet Explorer. The most severe vulnerabilities allow an attacker to craft a website that executes arbitrary code on the victim’s device due to the memory corruption vulnerabilities in the browser. The attacker would be limited to executing code with same administrative rights as the current user, but with many users having full administrator rights, an attacker could use this to take full control of a device. To exploit the vulnerability the attacker must get the victim to view attacker controlled content. Previously, this has not proved a major limitation for attackers. Attackers have proved adept at sending spam messages, compromising legitimate websites and abusing web advertising networks to redirect users to malicious websites.

Read more >>

Tags:

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.

2 Comments

  1. How about patch for MS16-036? When is cisco planning to release sourcefire rules for this? https://technet.microsoft.com/en-us/library/security/ms16-036.aspx

    • MS16-036 is the Adobe Flash Player security bulletin for Windows. Rules for this bulletin have already been released and are at the bottom of the blog post.