On Tuesday Microsoft has released 12 security updates to its core operating system which is mostly rated critical the update provides protection from the remote code execution on the affected computers.
The security updates also address in core OS , Internet explorer, Edge.
The first update is MS16-144 patches a total of 8 security veulerabilities in internet explorer , 3 of them are publicly stated and they have also stated that they are not exploited.
The 3 publicly disclosed vulnerabilities state are of Microsoft Browser Security(CVE-2016-7282) which is a bypass bug(CVE-2016-7281) and there is a engine memory curruption vulenrability (CVE-2016-7202) which allows remote code execution.
Moving on to the EDGE browser there are 11 Flaws MS16-145 there are 11 flaws listed 3 of them are publicly disclosed
Here are some of the critical updated that are listed
MS16-149 resolves two holes in Windows, specifically a Windows crypto information disclosure flaw and a Windows installer elevation of privilege vulnerability.
MS16-150 addresses an elevation of privilege bug in Windows secure kernel mode due to mishandling objects in memory.
MS16-151 is to fix for two elevation of privilege vulnerabilities in Windows kernel mode drivers. One of the Win32k EoP flaws is due to Windows kernel mode driver failing to properly handle objects in memory; the other is due to Windows graphics component mangling objects in memory.
MS16-152 is a security update for Windows kernel as it improperly handles page fault system calls and could lead to information disclosure.
MS16-153 resolves an information disclosure bug in Windows by updating the common log file system driver.
MS16-155 is the fix for .NET framework; Microsoft noted that the information disclosure vulnerability has been publicly disclosed but is not being exploited.
MS16-143 was missing in action, considering the patches for November ended with MS16-142 and December began with MS16-144