Skip to main content
Patch Management

Out of Band Update for Flash

By March 29, 2016No Comments

By James Rowney, Service Manager of Verismic Software

MS16-036 is a critical out of band update and resolves 20 vulnerabilities in Adobe Flash Player on all supported versions of Windows Server 2012, Windows Server 2012 R2, Windows 8.1, Windows RT 8.1, and Windows 10. This bulletin addresses vulnerabilities by updating the Adobe Flash libraries contained within all supported versions of Internet Explorer and Microsoft Edge. We recommend that this update be installed with the highest priority.
[vc_single_image image=”6006″ img_size=”medium” alignment=”center”]
A successful attacker will exploit this vulnerability to gain Remote Code Execution giving them full access to the targeted device. The vulnerabilities can be exploited by redirecting users to malicious websites specifically set up for the purpose of attack using Search Engine Poisoning, hacking legitimate websites and email documents, PDF, Word etc. with malicious Flash content.
[vc_single_image image=”8925″ img_size=”medium” alignment=”center”]
This update, in my opinion, should be a business’s highest priority and therefore should be deployed with the utmost urgency. Flash exploits are increasingly becoming the vulnerability of choice, and with the wide spread use of the application, this means we are all exposed. My advice would be to uninstall Flash, Silverlight and Java browser extensions, and test to see if they are really necessary. Microsoft published on Monday, March 7 that 14 vulnerabilities would be released in this month’s Patch Tuesday updates, but only 13 made it through. MS16-036 was held back at the last minute due to the discovery of CVE-2016-1010. The zero-day vulnerability was discovered by Anton Ivanov of Kaspersky Labs, but no additional details have been released.

In an e-mail, a Kaspersky representative wrote: “Today Adobe released the security bulletin APSB16-08, crediting Kaspersky Lab for reporting CVE-2016-1010. The vulnerability could potentially allow an attacker to take control of the affected system. Kaspersky Lab researchers observed the usage of this vulnerability in a very limited number of targeted attacks. At this time, we do not have any additional details to share on these attacks as the investigation is still ongoing. Even though these attacks are rare, we recommend that everyone get the update from the Adobe site as soon as possible.”

Additional Information
Should you have the need to install any language packs then this update will need to be reapplied, Verismic Software advises that any pending language pack installs are applied prior to installing MS16-036

Vulnerability Information
This security bulletin addresses the following vulnerabilities which are described in Adobe Security Bulletin APSB16-08: CVE-2015-8652, CVE-2015-8655, CVE-2015-8658, CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-1001, CVE-2016-1005, CVE-2016-1010.
Read the full article at appdevelopermagazine.com.

You May Also Like

may-3rd-Party-Roundup-Webinar Patch ManagementPatch TuesdayVideoWebinars

May 2023 3rd Party Roundup Webinar

Mara DomenicoMay 30, 2023
May 2023 Patch Tuesday Updates Patch ManagementPatch TuesdayVideoWebinars

Microsoft Patch Tuesday Update | May 2023

Mara DomenicoMay 10, 2023
May 2023 Patch Tuesday Updates BlogPatch ManagementPatch Tuesday

May Patch Tuesday 2023 Microsoft releases 38 fixes this month including 7 Critical and 1 Weaponised Threat

Mara DomenicoMay 9, 2023

Leave a Reply