February 2016 Security Updates Summary

Since today is the second Tuesday of the month Microsoft and Adobe made available their scheduled security updates for their software.

There are 13 bulletins in total (although MS16-022 is related to Adobe Flash Player) addressing 41 security issues with Microsoft software more formally known as CVEs (defined) and 32 CVEs within Adobe software (22 within Flash Player and a further 10 CVEs in total within Adobe Experience Manager, Adobe Connect and Photoshop CC/Bridge CC):

=======================
Microsoft’s Security Bulletin Summary lists 5 Known Issues with regard to the following bulletins:

MS16-009: Update for Internet Explorer: Knowledge base article kb3134814: After installing this update it can cause websites not to display in Internet Explorer 11 Enterprise mode (used for compatibility with older websites). This issue can be resolved by installing the update documented in knowledge base article kb3141092

MS16-014: Security Update for Windows: Knowledge base articles kb3126587 and kb3126593: Issues include compatibility issues with Corel software (suggested workaround available) and possible error messages appearing in the Windows event log, no workaround provided.

MS16-017: Security Update for Remote Desktop Display Driver: Knowledge base articles kb3134700 and kb3126446: Issues involve needing to restart your computer multiple times after installing this update.
=======================

Microsoft have also made available a security advisory today for ASP.Net templates when used within Visual Studio 2013 and 2015. Users of Visual Studio and/or software developers should review this advisory to determine if you need to take further action.

Moreover; an alternative source for information on Known Issues is the IT Pro Patch Tuesday blog which is usually updated shortly after the release of the updates if any issues are encountered. No issues are listed at the time of writing.

One of Adobe’s updates that was mentioned above addresses 22 critical CVEs within Flash Player. From the many exploits that were developed for Flash Player last year it would be prudent to install this update before any other updates (further discussion provided below). Further details for this update are available in this security bulletin. If you use Adobe Experience Manager, Adobe Connect or Photoshop CC/Bridge CC, please follow the above product links to the appropriate security bulletins and apply the necessary updates.

You can monitor the availability of security updates for the majority of your software from the following websites (among others) or use Secunia PSI:

—————
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):
https://www.us-cert.gov/

A further useful source of update related information is the Calendar of Updates. News/announcements of updates in the categories of General Software, Security Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).
—————

If you use any of the above software, please install the appropriate updates as soon as possible. Steps for installing updates for Windows are provided on the “Protecting Your PC” page.

While the Adobe Flash Player update should be applied before all other updates this month to assist with prioritizing Microsoft’s updates I would recommend beginning to install Microsoft updates starting with the Internet Explorer update, Microsoft Edge, Microsoft Office, Windows PDF Library and Windows Journal (in this order) due to their critical severities and widespread use. You can then install any remaining applicable updates beginning this round of updates with the Kernel Mode Drivers update since exploitation of the vulnerability it addresses is more likely.

One other security pre-caution that you may wish to take if you have Microsoft EMET installed is to use it to protect you from Adobe Flash being used to exploit vulnerabilities when you open a Microsoft Office document or Adobe PDF file. I provide recommendations of how to do this at the end of July’s Update Summary.

As always as a routine precaution I would recommend backing up the data on any device for which you are installing updates in order to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s