Here's what you need to know about Patch Tuesday, January 2016

We've read the Patch Tuesday bulletins so you don't have to (unless that's your thing). Here's what you might want to pay attention to.


Are you running Internet Explorer? Then pay attention to MS16-001. The browser currently has a vulnerability that could allow a remote attacker to take over your computer if you're lured into loading specific web pages.

So what? If you're logged in as an admin, the remote operator is effectively able to take those admin privileges and install programs on your computer, go romping through your data, or create a new user account with full rights and use it to do whatever they please.

Which Internet Explorer users are affected? The short answer is "Pretty much all of them." The bulletin lists Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10 and Internet Explorer 11.


So Microsoft Edge users can be all smug about their browser, right? Not so fast, says MS16-002. You know that whole "go to the wrong website and someone malicious can quietly grab user rights on your computer" thing we talked about a few paragraphs ago? Edge's got it too. Note that the Windows 10 update and a computer restart should fix this for you.

The only exception, according to MS16-002, is this one:

Customers running Windows 10 or Windows 10 Version 1511 who have Citrix XenDesktop installed will not be offered the update. Because of a Citrix issue with the XenDesktop software, users who install the update will be prevented from logging on. To stay protected, Microsoft recommends uninstalling the incompatible software and installing this update. Customers should contact Citrix for more information and help with this XenDesktop software issue.


What about Microsoft Office users? Any bad news there? Yes! It's in MS16-004. If users open a "specially crafted Microsoft Office file," a remote attacker can slide on into your computer and do questionable things. You know, the usual.

The update is rated "critical" for anyone running the following Office configurations: Microsoft Office 2007 Service Pack 3 (3114541); Microsoft Office 2010 Service Pack 2 (32-bit editions) (3114553); Microsoft Office 2010 Service Pack 2 (64-bit editions) (3114553); Microsoft Office 2013 Service Pack 1 (32-bit editions) (3114486); Microsoft Office 2013 Service Pack 1 (64-bit editions) (3114486); Microsoft Office 2013 RT Service Pack 1 (3114486); Microsoft Office 2016 (32-bit edition) (3114527); Microsoft Office 2016 (64-bit edition) (3114527).

(Users who have Microsoft Office 2013 RT Service Pack 1 will get their security update via a Windows update.)

Note that this also affects the following OS X products: Microsoft Excel for Mac 2011 (3133699); Microsoft PowerPoint for Mac 2011 (3133699); Microsoft Word for Mac 2011 (3133699); Microsoft Excel 2016 for Mac (3133711); Microsoft PowerPoint 2016 for Mac (3133711); Microsoft Word 2016 for Mac (3133711).

However, there is no update. Microsoft reports, "The 3133699 update for Microsoft Office for Mac 2011 and the 3133711 update for Microsoft Office 2016 for Mac are not yet available. The updates will be released as soon as they are available and users will be notified via a bulletin revision."


What about Windows? What do we have to worry about? The usual "visit a malicious website, have a remote user take over your computer" monkeyshines.

If you have Windows Vista or Windows 7, definitely scan through MS16-005 and restart as recommended.

There are also two "important" bulletins -- right below "critical" -- and they also address remote-access issues. Check out MS16-007 and MS16-008 for those.

