Microsoft issues 16 security bulletins for May’s Patch Tuesday, including critical updates for its Internet Explorer and Edge browsers and Microsoft Office.

Microsoft released 16 bulletins, eight tagged as critical, for May’s Patch Tuesday.

Internet Explorer (IE) and Microsoft Edge received critical cumulative security updates addressing remote code execution (RCE) vulnerabilities that could give an attacker the same user rights as the current user. If the current user has administrative rights, the attacker could control the affected machine and install programs or create new accounts with full user rights.

MS16-051, which resolves five vulnerabilities in IE, is rated critical for IE 9 and IE 11 on affected Windows clients. One of the critical vulnerabilities, CVE-2016-0189, is currently under attack in the wild.

“That’s the one you want to install quickly,” said Wolfgang Kandek, CTO for Qualys Inc., in Redwood City, California. “That’s a no-brainer.”

The flaw — which is also addressed in MS16-053 — is in the JavaScript engine, and packaged separately from IE in Windows Vista and Windows 2008.

Even if a user is not using IE, it still needs to be patched because it runs in the background and can be attacked by hackers, according to James Rowney, service manager at Verismic Software Inc. in Aliso Viejo, California.

Read the full article on