KB3081436 Cumulative Update for Windows 10 brings security fixes for Microsoft Edge, Internet Explorer and more
Microsoft has released the second cumulative update for Windows 10, called KB3081436.
As you may have noticed, the update was released on a Tuesday again, which confirms that Patch Tuesday continues to exist and disproves some reports that claim otherwise.
Microsoft released the KB3081424 cumulative update last week to fix some issues, but did not provide a changelog for it. However, the Redmond company has included a huge list of changes in today’s update.
KB3081436 consists of several update packages. Let’s take a look at each one of them.
KB3086251 fixes security issues found in Microsoft .NET Framework. It closes a loophole that could allow elevation of privilege (admin rights or user rights) if the user runs a malicious .NET Framework app. These issues affected all versions of Windows from Vista onward.
KB3084525 patches many vulnerabilities that were apparently reported in Microsoft Edge, the new browser in Windows 10. The most dangerous of the lot was a vulnerability that allowed an attacker to remotely execute malicious code if the user visited an infected webpage using Microsoft Edge. This would in turn give the attacker the same rights as the logged-in user account. So if a guest user was logged in, the attacker would gain only the guest’s rights, but if an administrator account was used, the attacker would gain full rights and thus complete control. This issue affects Internet Explorer as well, and has been fixed in KB3082442.
KB3082458 resolves security issues in Windows, Internet Explorer, and Microsoft Office that could be used to gain information. The exploit is actually linked to another one in Internet Explorer. The vulnerability lets the attacker run a command-line parameter to drain information from Notepad, Visio, PowerPoint, Excel, or Word.
KB3082487 is related to USB drives. An issue was found that allowed elevation of privilege when a malicious USB device was plugged into the PC. This would allow an attacker to execute code by writing a malicious binary to disk.
KB3078662 patches vulnerabilities caused by malicious webpages which use TrueType or OpenType fonts. The issues were found to impact Microsoft Windows, Microsoft Office, Microsoft .NET Framework, Microsoft Lync, and Microsoft Silverlight.
Quite frankly, that is an embarrassing list of issues, but it’s good to see that Microsoft has patched them all and has openly announced the list of what it fixed too. You won’t see these updates individually in your Windows Update history, as they are packed into one cumulative update, KB3081436.
Oh, and yes, you will need to restart your computer from the Windows Update screen to install the updates.
Apart from these, two more Windows updates were released today. KB890830 updates the Windows Malicious Software Removal Tool, and KB3087916 patches vulnerabilities found in Adobe Flash Player in Internet Explorer and Microsoft Edge. We have reported on these vulnerabilities in prior articles.