Microsoft releases nine security bulletins in first Patch Tuesday of 2016

Microsoft has released nine security bulletins in the January Patch Tuesday update, six of which are listed as critical.

The updates cover a range of software, including Internet Explorer, Office, Silverlight and Visual Basic, and mainly patch vulnerabilities that could allow a hacker to launch remote attacks.

The MS16-001 bulletin resolves vulnerabilities in IE which could allow remote code execution.

"If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," warned the Microsoft advisory.

Additionally, this is the last security update for several older versions of IE that have now reached end-of-life.

MS16-002 affects Microsoft's Edge browser and fixes a flaw that leaves users open to attack if they visit a "specially crafted" malicious website.

"An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less affected than those who operate with administrative user rights," said Microsoft.

MS16-003 fixes flaws in JScript and VBScript on Windows that could give an attacker escalated privileges. MS16-004 affects Office and Visual Basic and removes a bug that leaves machines vulnerable to malware-ridden Office documents.

MS16-006 is a critical update for Silverlight and fixes a fault that could allow remote code execution if a user visits a compromised website containing a malicious Silverlight application.

However, security experts have listed MS16-005 as the most urgent critical update for Windows Vista, Windows 7 and Server 2008, with Wolfgang Kandek, chief technology officer at cloud security firm Qualys, urging firms to update immediately.

"CVE-2016-0009 results in Remote Code Execution (RCE), plus the vulnerability has been publicly disclosed."

He noted, though, that overall the first security bulletin release of 2016 was fairly low in number, although it still contained important fixes.

"The first Patch Tuesday of 2016 turns out to be low in numbers, but broad and packing quite a punch," he said.

"In addition, some rather important products are going end-of-life and get their last patch update today. Microsoft is retiring support for all older browsers on each platform and will from here on only maintain the newest browser on each version of the OS."

Microsoft ended support for a range of software this month, including Internet Explorer 8, 9 and 10.

"End of support means there will be no more security updates, non-security updates, free or paid assisted support options, or online technical content updates," the firm said.

"IE 11 is the last version of IE and will continue to receive security updates, compatibility fixes and technical support on Windows 7, Windows 8.1 and Windows 10."

Microsoft also ended support for the three-year-old Windows 8 this week, meaning that users are now forced to make the jump to 8.1 or Windows 10 to keep receiving security updates and stay protected against malware, spyware and viruses.