Microsoft has released a January security patch, which addresses some of the vulnerabilities that are affecting the performance of Windows products.
The security patch from Microsoft addresses 15 vulnerabilities in total. Of this number, only three were detected in its own products. What about the remaining 12 you wonder? These existed on Adobe Flash but have been fixed by the security patch.
Per reports, the January bulletin is probably the smallest security bulletin released by Microsoft.
The latest patch is going to be the last security bulletin published in the format of two web pages. The patterns shall undergo some changes in February.
In November 2016, Microsoft shared that it intended to switch the current security bulletin format in favor of a searchable database.
The patches are covered in four security bulletins.
First Bulletin
One bulletin is dedicated to Adobe Flash player. The patches were distributed through the Windows update.
Second Bulletin
The second bulletin pertains to Microsoft Office, Office Services, and Web Apps and is the only one that is rated critical. This covers a memory corruption issue, which hackers can exploit by tricking a user to "open specially crafted files and can lead to remote code execution."
The security update counters the issue by rectifying how "affected versions of Office and Office components handle objects in memory."
Third Bulletin
Another patch is the MS 17-001 security update for Microsoft Edge and resolves the vulnerability that could "allow elevation of privilege if a user views a specially crafted web page."
This bulletin pertains to the Microsoft Edge Browser and covers vulnerable areas such as convenient access made by hackers to crafted web pages. According to this, a hacker can incorporate information and even inject data from one domain to another domain with ease.
Fourth Bulletin
This bulletin relates to the denial-of-service issue regarding Windows 7, Window Vista, Windows Server 2008, and also Windows Server 2008 R2.
The flaw was detected to be in the Local Security Authority Service that handles the authentication requests. These requests can be exploited by hackers to reboot the system and related operations.
"The security update addresses the vulnerability by changing the way that LSASS handles specially crafted authentication requests," said Microsoft.
Windows 8.1 will not receive any patch this month. Also Windows 10 users would be able to install the cumulative updates made by Microsoft.
So with such a small January patch, Microsoft has definitely eased out the whole process of fixing vulnerabilities and reducing the chances of things going wrong.
