Microsoft’s first patch Tuesday for 2016 brings with it six critical updates and three important updates. But perhaps more importantly, Microsoft is discontinuing support for Internet Explorer 8, 9 and 10, as well as Windows 8.0. Windows 8.1; the major update to 8.0 is still being supported.
MS16-001 is the cumulative security update for Internet Explorer 8, 9, 10 and 11. It addresses a remote code execution vulnerability by visiting a specially designed website that gives an attacker current user-level access control. This is more critical if the user is an administrator. This will be the final IE patch for IE 8, 9 and 10.
MS16-003 is an update to Windows JScript and VBScript that can allow for remote code execution and the ability for an attacker to assume current user-level access control.
MS16-004 is an update that applies to all versions of Microsoft Office (including Mac and RT versions). It addresses a vulnerability that could allow for remote code execution in the context of the current user.
MS16-005 addresses a vulnerability in kernel-mode drivers that can allow remote code execution.
MS16-008 is an important update that pertains to Windows Kernel which could allow elevation of privilege if an attacker gains access to a system and runs an application.
MS16-009 was skipped, reportedly due to holdups in testing.
Skybox’s Vulnerability Center and our built-in vulnerability feed is updated as soon as new vulnerabilities are reported from major software vendors. This gives our users the up-to-date intelligence to help manage vulnerabilities in the context of their network and their current security posture. Request a free 30 day trial of the Skybox Vulnerability and Threat Management solution to see how you can apply this intelligence and get total visibility across your entire network.