Patch Tuesday this month introduces 17 bulletins fixing over 100 flaws in Microsoft and Adobe products, including one being actively exploited in the wild.
Top of the list is MS16-051, which fixes the publicly disclosed CVE-2016-0188 and remote code execution-type flaw CVE-2016-0189.
According to Symantec the latter vulnerability is currently being exploited in targeted attacks in South Korea via spearphising or watering hole attacks.
Adobe comes next, and although there’s no current patch available for APSA16-02, there should be a new version of Flash along later this week to address the zero-day CVE-2016-4117.
Adobe also released bulletins for Acrobat and Reader, and ColdFusion which address 92 CVEs.
Aside from MS16-051 there are six more critical bulletins from Microsoft this month.
One of these is MS16-053, a Windows update which resolves two vulnerabilities including the previously mentioned CVE-2016-0189.
“This OS update is another that’s recommended to rollout as quickly as possible this month as it affects older versions of the OS and VMScript and JScript versions,” explained Shavlik product manager, Chris Goettl.
“The vulnerability that has been exploited can be used in user-targeted attacks such as a specially crafted website designed to exploit the vulnerability through Internet Explorer or ActiveX controls marked ‘safe for initialization’ in an application or Microsoft Office document that hosts the IE rendering engine. The attacker gains privileges equal to the logged on user, so running as less than administrator will mitigate the impact of exploit.”
The remaining five critical bulletins fix flaws in Edge, Office, Microsoft Graphics Component, Windows Journal and Windows Shell.
Elsewhere, Qualys CTO Wolfgang Kandek warned IT admins of another major vulnerability that needs mitigating – in popular open source program ImageMagick.
CVE-2016-3714, aka ‘ImageTragick’, allows for RCE through image uploads and is being actively exploited in the wild, he explained.
“At the moment no patch is available, but a workaround has been published that neutralizes current attacks. We recommend the same thing the attackers are doing: scan your infrastructure for occurrences of ImageMagick and then apply the workaround in the policy.xml file,” Kandek added in a blog post.
“I did this immediately on my sites, even though I use ImageMagick only in commandline mode for thumbnail creation. BTW, the workaround has become more complete over the last two weeks, so it is worth taking another look even if you have applied it already…”