Microsoft’s May Patch Tuesday rollout, which contains 16 bulletins covering 37 vulnerabilities, with half of them rated critical and possibly leading to remote code execution, is a slightly larger batch than the 13 issued in April.
The critical-rated bulletins are MS16-051, MS16-052, MS16-053, MS16-054, MS16-055, MS16-056, MS16-057 and MS16-064, with several industry watchers tagging MS16-051 for Internet Explorer as one of the more important issues because, as Microsoft has already noted, it is under attack in the wild.
David Picotte, Rapid7’s engineering manager, said in an email to SCMagazine.com that if for whatever reason administrators can’t patch their systems right away, Microsoft has provided a workaround in MS16-051 that disables the VBScript.dll and JScript.dll functionality, a method Picotte described as “a crude but effective means of reducing your risk.”
The remaining critical bulletins are for Microsoft Edge, JScript and VBScript, Office, Graphics Component, Windows Journal and Windows Shell.
Chris Goettl, a product manager with Shavlik, said, in comments emailed to SCMagazine.com, “Adobe Flash Player only released an advisory today, but it included high-level details of a vulnerability that has been detected in exploits in the wild. If information gleaned from MS16-064 is accurate, this Zero Day will be accompanied by 23 additional CVEs, with the release expected on May 12th. With this in mind, the recommendation is to roll this update out immediately.”
Although not rated critical, MS16-061 also raised some eyebrows. This Windows vulnerability could allow elevation of privilege if an unauthenticated attacker makes malformed Remote Procedure Call requests to an affected host.
“Although Microsoft rates CVE-2016-0178 as less likely to be exploited, the potential for abuse on this one is enormous,” Tripwire security researcher Craig Young said in comments emailed to SCMagazine.com. “The underlying flaw affects all supported servers and desktops from Windows Vista to Windows 10 and can allow an unauthenticated attacker to gain control of unpatched systems.”