March 2016 Patch Tuesday: 13 Microsoft Security Bulletins, 5 rated Critical

This month’s Patch Tuesday comes with 13 security bulletins, with 5 being Critical and the rest marked as Important. Most of these vulnerabilities pertain to Windows, with only a few concerning the usual suspects Internet Explorer and Microsoft Edge.

Two of the Critical bulletins are the regular cumulative updates for both Internet Explorer (MS16-023) and Microsoft Edge (MS16-024). As is frequently the case with browser vulnerabilities, the flaws fixed in these bulletins would allow for arbitrary code execution if the user visits a specially-craftwed website. Another Critical bulletin is MS16-026, which allows for code execution if a user visits a website with specially-crafted OpenType fonts embedded on the page. MS16-029, an Important bulletin for Microsoft Office, fixes several vulnerabilities, one of which (CVE-2016-0134) was discovered by Trend Micro researcher Jack Tang.

Adobe also released patches on Patch Tuesday, with fixes for three vulnerabilities affecting Acrobat and Reader. They also noted that an update for Flash Player will arrive later this week. We advise users to keep their systems up-to-date: patching may be inconvenient, but it prevents these attacks from affecting their systems.

Trend Micro Solutions:

Trend Micro Deep Security and Vulnerability Protection protect user systems from any threats that may leverage these vulnerabilities via the following DPI rules:

1007467 – Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-0102)
1007468 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0103)
1007469 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0104)
1007470 – Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-0105)
1007471 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0106)
1007472 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0107)
1007473 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0108)
1007474 – Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-0109)
1007475 – Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-0110)
1007476 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0112)
1007477 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0113)
1007478 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0114)
1007481 – Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0123)
1007482 – Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2016-0121)
1007483 – Microsoft Windows Media Player Parsing Remote Code Execution Vulnerability (CVE-2016-0098)
1007484 – Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-0111)
1007485 – Microsoft Windows Media Player Parsing Remote Code Execution Vulnerability (CVE-2016-0101)
1007486 – Microsoft Windows PDF Library Remote Code Execution Vulnerability (CVE-2016-0117)
1007487 – Microsoft Windows PDF Library Remote Code Execution Vulnerability (CVE-2016-0118)
1007488 – Microsoft Office Memory Corruption Vulnerability (CVE-2016-0021)
1007489 – Microsoft Windows OLE Memory Remote Code Execution Vulnerability (CVE-2016-0091)
1007490 – Microsoft Windows OLE Memory Remote Code Execution Vulnerability (CVE-2016-0092)
1007492 – Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0124)
1007517 – Microsoft Office Memory Corruption Vulnerability (CVE-2016-0134)