Microsoft's patches for May and June 2016 fixed a large number of vulnerabilities. In May alone, 16 bulletins were released, and eight of these were rated critical, including MS16-051 (cumulative security update for Internet Explorer), which addresses a security bypass vulnerability in the UMCI (User Mode Code Integrity) component of Device Guard that arises when code integrity is not validated properly. It also addressed vulnerabilities such as scripting engine memory corruption, Microsoft Browser memory corruption, and Internet Explorer information disclosure.
The May 2016 patches provided security updates for VBScript and JScript as well as for Microsoft Office, which had memory corruption and graphics RCE vulnerabilities. A security update was released for Microsoft Graphics Component covering information disclosure and Direct3D use-after-free vulnerabilities. Critical updates also addressed memory corruption in Windows Journal and remote code execution in Windows Shell.
Patch Tuesday for June 2016 resembled the updates Microsoft provided in the past several months, with 17 bulletins and 36 CVEs, and an additional 37 CVEs in Adobe Flash. Six bulletins were ranked critical, while the others were considered important. The critical updates included Edge and Internet Explorer. Microsoft DNS Server also has a critical bulletin, which could be risky with a publicly released exploit.
The biggest concern is in Adobe Flash, which is embedded in Internet Explorer and Edge. Adobe has been part of Microsoft patches since April. In May, 17 critical vulnerabilities were patched, and in June, 37 issues were addressed.
Goodbye, QuickTime
In April 2016, Apple confirmed QuickTime’s end of life on Windows after 11 years of being supported on that OS. Apple will stop issuing patches and updates for the PC version of its multimedia software. Hence, it is best to remove the software from Windows computers or use it at your own risk.
Trend Micro discovered two new flaws in QuickTime 7 for Windows. Apple allegedly knew of these security threats in November 2015 but had no plans to provide a patch, adding that the software would be deprecated on Windows. The vulnerabilities could be triggered when QuickTime plays an infected file or the user is directed to a malicious website, leaving computers vulnerable to remote code execution.
Other hacking news you should be aware of
Certain vulnerabilities in your computer and applications could put your business at risk. Hence, it makes sense to always apply patch updates when they become available. One of the latest hacking incidents occurred with The Clinton Foundation, which was said to have been hacked by Russians. Attacks on the network of the foundation and those of Hillary Clinton’s campaign and the Democratic Party caused a stir in the world of digital security.