December 7, 2016

Nine Critical Patches Coming From Microsoft

Microsoft has published the advance notification of the security bulletins that it is intending to release for June’s Patch Tuesday.

The 16 security bulletins contain nine critical items (all related to Remote Code Execution) with the remaining seven marked as “Important”. According to Microsoft, the bulletins will patch a total of 34 vulnerabilities affecting Microsoft Windows, Microsoft Office, Internet Explorer, .NET, SQL, Visual Studio, Silverlight and ISA.

One of the issues Microsoft will start to address in this month is “cookiejacking,” where an attacker steals cookies from a user’s computer and then accesses websites the user has previously logged into. The Internet Explorer bulletin will address one of the known vectors to gain access to the cookie folder. By “one of the known vectors” it is assumed Microsoft are talking about the IE cookiejacking zero-day exploit found last month by Rosario Valotta.