
This article is more than 1 year old

Like it or not, here are ALL your October Microsoft patches

Redmond kicks off the era of the force-fed security update

Microsoft is kicking off a controversial new security program this month by packaging all of its security updates into a single payload.

The October security release introduces Redmond's new policy of bundling all security bulletins as one download. While more convenient for end users, who now get just one bundle, the move will irk many administrators, who had preferred to individually test and apply each patch to avoid compatibility problems.

In total, ten bulletins have been bundled into the Patch Tuesday payload:

  • MS16-118 is a cumulative update for Internet Explorer to address 11 security vulnerabilities, including six remote code execution flaws, three information disclosure vulnerabilities, and two elevation of privilege conditions.
  • MS16-119 will fix 13 CVE-listed vulnerabilities present in the Edge browser. Those flaws include eight remote code execution holes, two information disclosure flaws, two elevation of privilege holes, and one security feature bypass.
  • MS16-120 addresses seven flaws in the Microsoft Graphics Component in Windows (and used by Skype and Office) that would allow remote code execution, elevation of privilege, or information disclosure by opening a web page or document containing a malformed image or font.
  • MS16-121 will fix a single remote code execution flaw in Office related to problems with the handling of RTF document files. The flaw has also been patched in Office for Mac, so OS X and macOS users should be on the lookout for an update as well.
  • MS16-122 patches a remote code execution flaw in the Windows Video Control that can be exposed with files embedded in a web page or email document.
  • MS16-123 is a patch for five CVE-listed vulnerabilities in Windows Kernel Mode Drivers that allow elevation of privilege when the user runs a locally installed application.
  • MS16-124 patches four vulnerabilities in Windows that could potentially allow local applications to view registry information.
  • MS16-125 is an update to address an elevation of privilege flaw in the Windows Diagnostic Hub related to the handling of insecure library data. That flaw could potentially be targeted via a locally installed application.
  • MS16-126 cleans up an information disclosure flaw in the Windows Internet Messaging API for Internet Explorer that Microsoft has also addressed with the above . Both bulletins will need to be installed (not a problem anymore) for the vulnerability to be fully patched.
  • MS16-127 patches twelve vulnerabilities in Flash Player for Windows 8.1, Windows 10, and Server 2012.

For those not yet getting their Flash Player fixes directly from Microsoft, Adobe has posted its own fixes for twelve remote code execution flaws in Flash.

Adobe has also posted code clean-ups for 71(!) CVE-listed security holes in Acrobat and Reader, as well as a fix for a single elevation of privilege vulnerability in Creative Cloud. ®

 
