Hello, welcome to the Wednesday, December 14th, 2016 edition of the Sandternut Storm Center's

Stormcast. My name is Johannes Ulrich, and I'm recording from Washington, D.C. Well, today, of course, Microsoft

patched Tuesday. We got 11 different bulletins from Microsoft plus one from Adobe for Flash that was also included by Microsoft.

The Adobe one is of course critical as usual. In addition, we had five of the Microsoft

bulletins that are rated critical. We did rate the bulletins for Internet Explorer and Microsoft

Edge as critical because one of the vulnerabilities is already publicly known and may lead to arbitrary code execution.

This particular vulnerability is CVE 2016-702 and it is a memory corruption vulnerability in the scripting engine. While these

vulnerabilities are publicly disclosed there is currently according to Microsoft no exploitation

reported for these issues. A third bulletin included a publicly disclosed vulnerability, and that's the bulletin for the

dot net framework, MS16, 155.

We didn't rate that as a patch now because it's just an information disclosure vulnerability.

Other net really nothing too

terribly exciting, tons of vulnerabilities being patched in office. That's actually the bulletin

with the most vulnerabilities assigned to it, MS-16148. But none of these vulnerabilities are

publicly disclosed or have been exploited in the wild.

So as far as patch priority goes, start with the patches for InExplorer, Edge, and then of course

Flash, and then continue with the remainder in whatever order you see fit.

And well, Microsoft wasn't alone today.

Apple continued its updates.

Yesterday we saw iOS, TVOS, and watchOS updates.

The watchOS update was actually removed again because it caused some issues with some watches.

Now, today we also got an update for macOS Sierra.

...