Patch Tuesday for January 2016

Estimated reading time: 2 minutes.

This month’s Microsoft updates are more interesting than usual, in that they are the last for versions of Internet Explorer earlier than 11. No more patches for older IE versions means you should avoid using them if at all possible, since they are likely to become a major target for malicious persons intent on spreading malware and increasing the size of their botnets.

It’s interesting to speculate on how much of a hit Microsoft will take in terms of browser share once people move way from IE 8, 9, and 10. Estimates vary, but I’ve seen recent numbers that show IE 8 at 9%, IE 9 at 7%, and IE 10 at 4%. If everyone does the right thing and switches browsers, Microsoft could lose as much as 20% of their browser market share.

There are ten updates from Microsoft this month, affecting Windows, Internet Explorer, Edge, MS Office, Visual Basic, Silverlight, and Exchange Server. Six of the updates are flagged as Critical. A total of twenty-five vulnerabilities are addressed.

When installed, the Silverlight update will bump the software’s version up to Build 5.1.41212.0. Silverlight’s release notes page has been updated to show what’s changed.

Three security advisories were also published by Microsoft today, the most interesting of which is titled Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program.

Adobe joins the fun once again this month, but this time we only get an update for Reader that addresses fifteen vulnerabilities. Surprisingly, there are no updates for Flash.

Update: Support for Windows 8 has also ended. Anyone still using Windows 8 should upgrade to Windows 8.1 to continue receiving updates.

Clarification: Microsoft will still develop security updates for Internet Explorer 7, 8, 9, and 10, as well as Windows XP, Vista, and Windows 8, because they are still supported for some business clients, and for some Windows Server versions. The updates just won’t be available to regular folks.

About jrivett

Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.

Leave a Reply