Microsoft has issued its latest Patch Tuesday release, fixing 13 flaws covering key products including Windows, the Edge browser and, of course, Internet Explorer.
This month's package is not as bad as the one before it when there were a lot of serious vulnerabilities to deal with, but it still contains enough patches to be of note to IT teams, especially the four 'critical' fixes.
Microsoft noted that all versions of Windows are affected by some of the flaws, and urged users of Windows Vista and later, including Windows 10, to get patching immediately.
Wolfgang Kandek, CTO at security firm Qualys, said that Patch Tuesdays have gone downhill since January, but that companies need to act now.
"We are back to normal numbers on Patch Tuesday. After a light start with nine bulletins in January we are getting 12 bulletins (five critical) in February, which is in line with the average count for last year of 12.25 a month. Actually it is 13, but the last one this month, MS16-022, is more of a packaging change," he said.
"It concerns Adobe Flash, a software package where updating has already been handled by Microsoft for the last three and a half years in the Internet Explorer 10 and 11 browsers.
"The highest priority item is MS16-022, which contains fixes for 22 vulnerabilities for Adobe Flash, all of them rated as 'critical' and capable of handing the attacker complete control over the target machine."
The Flash business was also praised by Tyler Reguly, manager of software development at Tripwire, who said that this is "one of the best changes" that February has to offer. In case you missed it, no-one likes Flash these days.
"One of the best changes this month is that Adobe Flash Player embedded in Microsoft IE and Edge has finally received its own bulletin. Previously, Microsoft updated the same Knowledge Base on a month-by-month basis with no defining elements," he said.
"This is a welcome change and hopefully bodes well for other areas where Microsoft continues to do this."
A large chunk of the Microsoft fixes provide protection against remote code execution (RCE) threats. One of these applies to Windows Journal, which has interested Craig Young, a security researcher at Tripwire.
"Today marks the 12th RCE bug Microsoft is patching in Windows Journal in just 10 months. This is particularly interesting because Windows Journal vulnerabilities were basically unheard of before 2015," he said.
"While the increased scrutiny of Windows Journal may be an indication of Microsoft's successes in the tablet space, it is important to remember that the flaw is not limited to tablets.
"In fact every piece of software installed on a computer adds to the potential attack surface even if that software is not frequently used."
Giant battery produced ahead of time
Precision range features Ubuntu out of the box
City of Glasgow College teams up with NetApp
Have we found some cracking deals for you!