The lazy days of summer are definitely over as Microsoft released 14 bulletins in today’s September Patch Tuesday. There are 7 updates rated critical so it is time to get to work. The bulletins also include an update for Adobe Flash Player that’s important for most Windows users to address so all in all, it’s a big month.
You will likely want to start with the update that addresses vulnerabilities under active exploit in all current versions of Internet Explorer. If your users still rely on the popular browser, apply cumulative update MS16-104 right away. You never know when one of your users may hit a malicious webpage resulting in unwanted code execution. While you’re at it, you might as well address MS16-116 too; it is a critical update in the OLE Automation for VBScript that also requires the patch provided by MS16-104. For those of you that use Microsoft Edge, that browser also has a cumulative update this month with MS16-105 and it too is rated critical.
Next on your list should be MS16-107, a critical update for most versions of Microsoft Office, including Office for Mac. A remote code execution could result if a user opens a malicious Office file using the widely used programs Excel, Outlook or PowerPoint.
Third in priority is MS16-117 which is a critical security update for Adobe Flash Player described in APSB16-29. The 29 unique vulnerabilities impact Flash when installed on recent versions of Windows including 8.1, Server 2012, RT 8.1 and 10.
There are 2 additional bulletins with the rating of critical this month. MS16-106 is a security update for Microsoft Graphics Component on all systems and MS16-108 resolves vulnerabilities found in Exchange Server.
The remainder of the bulletins are rated important and should be addressed as time permits. Lots of potential work for IT this month as our summer draws to an end.