Redmond releases security update for all Windows versions

One of the updates that Microsoft rolled out as part of this month’s Patch Tuesday cycle comes to address a critical security flaw in absolutely all Windows versions that are still being supported, starting with Windows Vista Service Pack 2 and ending with Windows 10.

MS16-013 is an update flagged by Microsoft as critical and fixes a Windows Journal vulnerability that would allow an attacker to get control of an unpatched system.

Microsoft explains:

“This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”

“For an attack to be successful, this vulnerability requires that a user open a specially crafted Journal file with an affected version of Windows Journal. In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted Journal file to the user and then convincing the user to open the file.”