Patch Tuesday for March 2016 has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains 13 bulletins addressing 44 vulnerabilities. Five bulletins are rated critical and address vulnerabilities in Edge, Graphic Fonts, Internet Explorer, Windows Media Player, and Window PDF. The remaining eight bulletins are rated important and address vulnerabilities in .NET, Office, and several other Windows components.

Bulletins Rated Critical

Microsoft bulletins MS16-023, MS16-024, MS16-026 through MS16-028, and MS16-036 are rated as critical in this month’s release.

MS16-023 and MS16-024 are this month’s Internet Explorer and Edge security bulletin respectively. In total, 24 vulnerabilities between the two bulletins were addressed with five vulnerabilities in common (meaning that both Edge and IE are affected by the same five vulnerabilities). The IE security bulletin addresses 13 memory corruption vulnerabilities while the Edge bulletin addresses 10 memory corruption flaws and one information disclosure bug that manifests as a result of Edge improperly handling referrer policy, potentially leaking the user’s request content or browsing history.



Talos Group

Talos Security Intelligence & Research Group