Lync Migration Featured Article

Microsoft's Recent Patch Job Seals Several Security Slips

By Steve Anderson Contributing Writer

It's always sort of a mixed blessing to hear a large number of faults have been fixed in something that, until recently, was being used extensively. It's good to hear that the problems weren't problems any more, but imagine what a shock it would be to hear that, say, your car had 27 errors in it that were just fixed. This thing that seemed so reliable was that close to disaster, with 27 potential points of failure active that may not have even been apparent. That's what recently happened with Microsoft (News - Alert), as the company patched fully 27 separate vulnerabilities with recent efforts.

Several Microsoft products played host to the vulnerabilities, at last report, cropping up in not just Windows, but also Microsoft Office and both of Microsoft's Web browsers, Internet Explorer and Edge. The patches in question were built into nine separate security bulletins, over half of which—five, at last report—were rated “critical,” while the remaining four were classified as merely “important.” That means a fairly light but pretty vital patch bundle. The patches focused primarily on desktop Microsoft operations, but depending on deployment style used, some servers might have been impacted by this.

Microsoft went on to note that the most important package was those related to Office and the browsers, specifically MS16-099, MS16-095, and MS16-096. These three represent patching of critical vulnerabilities that could use Web pages or Office documents to bring “malicious code” elements into a system. MS16-097, meanwhile, applies to not just Windows, but Skype (News - Alert), Lync and Microsoft Office as well, offering patches for three different vulnerabilities in Windows Graphics Component. These vulnerabilities can likewise allow remote users to insert nasty code from afar, as can many of the other update packets that Microsoft released.

Qualys (News - Alert) director of vulnerability labs Amol Sarwate, however, noted that this was “...a regular sized Patch Tuesday which will keep Windows desktop administrators busy.” Though the patches don't seem to be unusually large or that large in number, they do address some critical issues in systems that are used every day.

While this is only good news in a backhanded way—no one wants to find out the car they drive every day was about 500 miles away from a critical axle failure—it's still good news. Several major security flaws have been found and addressed with relevant patches. That's good news no matter how it's sliced, though it means that these vulnerabilities have been in place for who knows how long prior, and it's only a stroke of luck or divine providence, depending on how one looks at it, that the users weren't hacked by now. Still, a problem addressed is a problem no longer, and that's good news for a lot of users.

Getting these patches in place, therefore, will be a vital activity, and if it's not already done, it should be on top of every administrator's to-do list.

Edited by Alicia Young