April 2016 Security Updates Summary

Yesterday as scheduled Microsoft and Adobe made available their monthly security updates.

Microsoft’s updates consist of 13 security bulletins one of which relates to last week’s Adobe Flash Player update (more details below). These bulletins resolve 30 vulnerabilities more formally known as CVEs (defined).

Just like last month; at the time of writing Microsoft’s Security Bulletin Summary does not list any Known issues for the security bulletins made available today. An alternative source for information on Known Issues is the IT Pro Patch Tuesday blog which is usually updated shortly after the release of the updates if any issues are encountered. Again, no issues are listed at the time of writing. These are welcome signs when there a large number of updates to install.

One of the Microsoft bulletins relates to Adobe Flash Player update that was made available for non-Windows 8.1 and Windows 10 users last week. Further details are available in my blog post. That update resolves 24 security issues including 1x zero day (defined) vulnerability. Yesterday, Adobe also released security updates for the Creative Cloud Desktop Application and RoboHelp Server each resolving an important severity vulnerability listed as priority 2 by Adobe.

If you use any of the above Adobe applications, please follow the above product links to the appropriate security bulletins and apply the necessary updates.

You can monitor the availability of security updates for the majority of your software from the following websites (among others) or use Secunia PSI:

—————
US Computer Emergency Readiness Team (CERT) (please see the “Information on Security Updates” heading of the “Protecting Your PC” page):
https://www.us-cert.gov/

A further useful source of update related information is the Calendar of Updates. News/announcements of updates in the categories of General Software, Security Software and Utilities are available on their website. The news/announcements are very timely and (almost always) contain useful direct download links as well as the changes/improvements made by those updates (where possible).
—————

If you use any of the above software, please install the appropriate updates as soon as possible. Steps for installing updates for Windows are provided on the “Protecting Your PC” page.

In order to resolve the most severe vulnerabilities first, I will provide a prioritised list of the Microsoft updates below. However, before beginning the installation of these, please install the above mentioned Adobe Flash Player update (for Windows 8.1 and Windows 10 users) if you have not already done so.

Next, please install the Microsoft Graphics component update first (it addresses 2x zero day (defined) vulnerabilities), followed by Internet Explorer, Microsoft Edge, Microsoft Office, XML Core Services, Security Update for SAM and LSAD Remote Protocols (otherwise known as “Badlock”, discussed further in this post) due to their severities. You can then proceed to install all remaining applicable updates in an order of your choice.

One final security pre-caution that you may wish to take if you have Microsoft EMET (please ensure your version of EMET is the most recent version 5.5) installed is to use it to protect you from Adobe Flash being used to exploit vulnerabilities when you open a Microsoft Office document or Adobe PDF file. I provide recommendations of how to do this at the end of the July 2015 Update Summary.

As always as a routine precaution I would recommend backing up the data on any device for which you are installing updates in order to prevent data loss in the rare event that any update causes unexpected issues.

Thank you.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s