2016 Closes Out Patch Tuesday with 12 December Updates

Because everyone deserves a little good news this time of year, let’s start this month’s Patch Tuesday analysis on the bright side. In the 12 security updates released by Microsoft today, there are currently no active exploits. However, the 6 bulletins that have been rated critical are executed when an unsuspecting user opens a malicious file. With the 12-days of Christmas quickly approaching and your out-of-the-ordinary activity likely at all-time highs, remind your users to be careful what they open; there is no shortage of holiday grinches out there.

Before diving into this month’s bulletins, it’s worth a quick look back to last year at this time. In 2015, Microsoft released just 135 total security bulletins. With 155 updates this year, the company has definitely been busy keeping their product lines – and your systems – safe. IT pros can consider it job security. Microsoft has announced some changes to the Patch Tuesday process for 2017 so as that transition starts to take place, we will be sure to keep you updated. But for now, it’s back to December…

Microsoft has been extremely busy this month addressing 35 vulnerabilities in just three bulletins.  They spent a lot of time fixing these issues and so should you.  MS16-144 is a critical, cumulative update that address 8 CVEs in Internet Explorer. Likewise, MS16-145 is another critical, cumulative update for 11 CVEs in Edge. MS16-148 is a critical update for Office that resolves 16 vulnerabilities.   Online browsing by employees will be at an all-time high around the holidays; the chances of encountering malicious websites and files that exploit these vulnerabilities are heightened, so address these bulletins quickly.

Also this month is another update for Adobe Flash Player. Like last month, Microsoft addresses vulnerabilities for both desktop and server applications, this time in MS16-154, which is described by Adobe in APSB16-39.

Microsoft continues to update their Graphics Component in all current versions of Windows addressing 3 CVEs in MS16-146.  Rounding out this month’s critical bulletins is MS16-147 which updates Uniscribe. It is a critical update and one you’ll definitely want to address if your users rely on these services.

Best wishes for a happy and secure holiday season from all of us here at HEAT Software!