Microsoft has released October 2016 Patch Tuesday with important updates including to Windows 7 and 8.x systems which should be installed by users immediately, because five of them are rated critical and they could allow remote code execution on affected computers. Some of these updates are for Internet Explorer and Microsoft Edge, but more details we’ll give you below.
MS16-118: this update is to Internet Explorer and it resolved 11 security vulnerabilities which are related to memory corruption and scripting engine issues and it corrects how the old web browser handles objects in memory and namespace boundaries. Microsoft had to act fast, because if users were logged on with administrative user rights, attackers could take control of their system and install programs, delete or change data, or even create new accounts with full user rights.
MS16-120: the vulnerabilities fixed by this update are in all supported releases of Microsoft Windows, Microsoft Office 2007 and Microsoft Office 2010, Skype for Business 2016, Microsoft Lync 2013, and Microsoft Lync 2010, Microsoft .NET Framework and Silverlight.
MS16-122: this update corrects how Microsoft Video Control handles objects in memory, as there was a vulnerability which, if left unpatched, could lead to a remote code execution scenario.
MS16-127: it fixed 12 security vulnerabilities in Adobe Flash Player on affected devices running on Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
MS16-121: it fixed a vulnerability in Microsoft Office which had to do with the way the program handled RTF files.
MS16-123: it fixed five vulnerabilities in the Windows kernel-mode component that could allow elevation of privilege. If an attacker could find a way to log onto an affected system, he could run a specially crafted application and exploit the vulnerabilities, then gain control of that system.
MS16-124: the vulnerabilities fixed by this update were in Windows and they could allow elevation of privilege.
MS16-125: only one vulnerability was fixed and it had to do with Windows 10.
MS16-126: a vulnerability that could lead to information disclosure when Microsoft Internet Messaging API improperly handles objects in memory has been fixed.