Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
SlideShare a Scribd company logo

Patch Tuesday Analysis - September 2016

Download as PPTX, PDF
Ivanti
Ivanti

This document provides an overview and summary of Microsoft's September 2016 Patch Tuesday updates. It outlines several critical updates released to address vulnerabilities in Windows, Internet Explorer, Edge, Office, Exchange, and Adobe Flash Player. The updates fix issues that could allow remote code execution, elevation of privilege, or information disclosure. The document reviews the specific security bulletins and advisories released and their associated CVE identifiers.

1 of 26
Patch Tuesday Webinar Wednesday, September 14th, 2016 Chris Goettl • Product Manager, Shavlik Dial In: 1-855-749-4750 (US) Attendees: 927 265 569
Agenda September 2016 Patch Tuesday Overview Known Issues Bulletins Q & A 1 2 3 4
Best Practices Privilege Management Mitigates Impact of many exploits High Threat Level vulnerabilities warrant fast rollout. 2 weeks or less is ideal to reduce exposure. User Targeted – Whitelisting and Containerization mitigate
Patch Tuesday Analysis - September 2016
Industry News Microsoft announces servicing change for Windows 7, 8.1, and Server 2008 R2, 2012, 2012 R2 • Internet Explorer and OS updates in one of two options: • Security Bundle – Monthly bundle of Security only updates • Cumulative Rollup – Similar to Windows 10 cumulative bundle of Security and Non-Security updates in one package • .Net Rollup – Cumulative Bundle each month that applies. Will update only versions detected, not install new versions. • Flash Player for IE and OS • Office, SharePoint, SQL, Exchange, etc are not affected by the change set for October Adobe updated Flash Player distribution announcement. Sept 29th If you have not already done so, get an Adobe ID and sign up for the distribution agreement.
CSWU-030: Cumulative update for Windows 10: September 13, 2016  Maximum Severity: Critical  Affected Products: Windows 10, Edge, Internet Explorer  Description: This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are described in the following Microsoft security bulletins and advisory: MS16-104, MS16-105, MS16-106, MS16-110, MS16-111, MS16-112, MS16-113, MS16-114, MS16-115, MS16-116, MS16-117  Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure  Fixes 43 vulnerabilities:  CVE-2016-3247, CVE-2016-3291, CVE-2016-3292, CVE-2016-3295, CVE-2016-3297, CVE-2016-3324, CVE-2016-3325, CVE-2016- 3351 (Exploited), CVE-2016-3353, CVE-2016-3375, CVE-2016-3247, CVE-2016-3291, CVE-2016-3294, CVE-2016-3295, CVE- 2016-3297, CVE-2016-3325, CVE-2016-3330, CVE-2016-3350, CVE-2016-3351, CVE-2016-3370, CVE-2016-3374, CVE-2016- 3377, CVE-2016-3348, CVE-2016-3349, CVE–2016-3354, CVE–2016-3355, CVE–2016-3356, CVE-2016-3346, CVE-2016-3352, CVE-2016-3368, CVE-2016-3369, CVE-2016-3305, CVE-2016-3306, CVE-2016-3371, CVE-2016-3372, CVE-2016-3373, CVE-2016- 3302, CVE-2016-3344, CVE-2016-3345, CVE-2016-3370, CVE-2016-3374, CVE-2016-3375  Restart Required: Requires Restart
MS16-104: Cumulative Security Update for Internet Explorer (3183038)  Maximum Severity: Critical  Affected Products: Internet Explorer  Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.  Impact: Remote Code Execution  Fixes 10 vulnerabilities:  CVE-2016-3247, CVE-2016-3291, CVE-2016-3292, CVE-2016-3295, CVE-2016-3297, CVE-2016-3324, CVE-2016-3325, CVE-2016- 3351 (Exploited), CVE-2016-3353, CVE-2016-3375  Restart Required: Requires Restart
MS16-105: Cumulative Security Update for Microsoft Edge (3183043)  Maximum Severity: Critical  Affected Products: Edge  Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.  Impact: Remote Code Execution  Fixes 12 vulnerabilities:  CVE-2016-3247, CVE-2016-3291, CVE-2016-3294, CVE-2016-3295, CVE-2016-3297, CVE-2016-3325, CVE-2016-3330, CVE-2016- 3350, CVE-2016-3351, CVE-2016-3370, CVE-2016-3374, CVE-2016-3377  Restart Required: Requires Restart
MS16-106: Security Update for Microsoft Graphics Component (3185848)  Maximum Severity: Critical  Affected Products: Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.  Impact: Remote Code Execution  Fixes 5 vulnerabilities:  CVE-2016-3348, CVE-2016-3349, CVE–2016-3354, CVE–2016-3355, CVE–2016-3356  Restart Required: Requires Restart
MS16-107: Security Update for Microsoft Office (3185852)  Maximum Severity: Critical  Affected Products: Office, SharePoint  Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.  Impact: Remote Code Execution  Fixes 13 vulnerabilities:  CVE-2016-0137, CVE-2016-0141, CVE-2016-3357, CVE-2016-3358, CVE-2016-3359, CVE-2016-3360, CVE-2016-3361, CVE-2016- 3362, CVE-2016-3363, CVE-2016-3364, CVE-2016-3365, CVE-2016-3366, CVE-2016-3381  Restart Required: May Require Restart
MS16-108: Security Update for Microsoft Exchange Server (3185883)  Maximum Severity: Critical  Affected Products: Exchange  Description: This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow remote code execution in some Oracle Outside In libraries that are built into Exchange Server if an attacker sends an email with a specially crafted attachment to a vulnerable Exchange server.  Impact: Remote Code Execution  Fixes 3 (Microsoft) 18 (Oracle) vulnerabilities:  Microsoft: CVE-2016-0138, CVE-2016-3378, CVE-2016-3379  Oracle Outside In Libraries: CVE-2016-3575, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3595, CVE-2016- 3594, CVE-2015-6014, CVE-2016-3593, CVE-2016-3592, CVE-2016-3596, CVE-2016-3591, CVE-2016-3574, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3590  Restart Required: May Require Restart
MS16-116: Security Update in OLE Automation for VBScript Scripting Engine (3188724)  Maximum Severity: Critical  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker successfully convinces a user of an affected system to visit a malicious or compromised website. Note that you must install two updates to be protected from the vulnerability discussed in this bulletin: The update in this bulletin, MS16-116, and the update in MS16-104.  Impact: Remote Code Execution  Fixes 1 vulnerabilities:  CVE-2016-3375  Restart Required: Requires Restart
MS16-110: Security Update for Windows (3178467)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker creates a specially crafted request and executes arbitrary code with elevated permissions on a target system.  Impact: Remote Code Execution  Fixes 4 vulnerabilities:  CVE-2016-3346, CVE-2016-3352, CVE-2016-3368, CVE-2016-3369  Restart Required: Requires Restart
MS16-117: Security Update for Adobe Flash Player (3188128)  Maximum Severity: Critical  Affected Products: Windows  Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.  Impact: Remote Code Execution  Fixes 26 vulnerabilities:  CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016- 4279, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-4287, CVE-2016-6921, CVE-2016-6922, CVE-2016-6923, CVE-2016-6924, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016- 6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932  Restart Required: Requires Restart
APSB16-29: Security updates available for Adobe Flash Player  Maximum Severity: Critical  Affected Products: Windows  Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.  Impact: Remote Code Execution  Fixes 29 vulnerabilities:  CVE-2016-4182, CVE-2016-4237, CVE-2016-4238, CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275, CVE-2016- 4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-4287, CVE-2016-6921, CVE-2016-6922, CVE-2016-6923, CVE-2016-6924, CVE-2016- 6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932  Restart Required: Requires Restart
CHROME-179: Google Chrome 53.0.2785.113  Maximum Severity: High  Affected Products: Google Chrome  Description: The stable channel has been updated to 53.0.2785.113 for Windows, Mac, and Linux.  Impact: Remote Code Execution  Fixes 6+ (Google) 29 (Adobe Flash) vulnerabilities:  CVE-2016-5170, CVE-2016-5171, CVE-2016-5172, CVE-2016-5173, CVE-2016-5174, CVE-2016-5175  Restart Required: Browser Restart Required
MS16-109: Security Update for Silverlight (3182373)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Silverlight. The vulnerability could allow remote code execution if a user visits a compromised website that contains a specially crafted Silverlight application. An attacker would have no way to force a user to visit a compromised website. Instead, an attacker would have to convince the user to visit the website, typically by enticing the user to click a link in either an email or instant message that takes the user to the attacker's website.  Impact: Remote Code Execution  Fixes 1 vulnerabilities:  CVE-2016-3367  Restart Required: Does not require restart
MS16-111: Security Update for Windows Kernel (3186973)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application on a target system.  Impact: Elevation of Privilege  Fixes 5 vulnerabilities:  CVE-2016-3305, CVE-2016-3306, CVE-2016-3371, CVE-2016-3372, CVE-2016-3373  Restart Required: Requires Restart
MS16-112: Security Update for Windows Lock Screen (3178469)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if Windows improperly allows web content to load from the Windows lock screen.  Impact: Elevation of Privilege  Fixes 1 vulnerabilities:  CVE-2016-3302  Restart Required: Requires Restart
MS16-113: Security Update for Windows Secure Kernel Mode (3185876)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when Windows Secure Kernel Mode improperly handles objects in memory.  Impact: Information Disclosure  Fixes 1 vulnerabilities:  CVE-2016-3344  Restart Required: Requires Restart
MS16-114: Security Update for SMBv1 Server (3185879)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. On Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 operating systems, the vulnerability could allow remote code execution if an authenticated attacker sends specially crafted packets to an affected Microsoft Server Message Block 1.0 (SMBv1) Server. The vulnerability does not impact other SMB Server versions. Although later operating systems are affected, the potential impact is denial of service.  Impact: Remote Code Execution  Fixes 1 vulnerabilities:  CVE-2016-3345  Restart Required: Requires Restart
MS16-115: Security Update for Microsoft Windows PDF Library (3188733)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow information disclosure if a user views specially crafted PDF content online or opens a specially crafted PDF document.  Impact: Information Disclosure  Fixes 2 vulnerabilities:  CVE-2016-3370, CVE-2016-3374  Restart Required: May Require Restart
Between Patch Tuesdays New Product Support: AutoCad Map 3D 20162017, SQL Server 2014 SP2, KeePass ClassicPro MSI Security Updates: KeePass Pro MSI (1), MS16-095 (additional patches released) (1), FireFox (2), Microsoft (3), Skype (1), Thunderbird (1), Opera (1), RealTimes Player (1), Chrome (1), Wireshark (1), GoToMeeting (1), PeaZip (1), MozyHome (1) Non-Security Updates: Microsoft (45), TeamViewer (1), Citrix VDA Core Services, Ccleaner (1), GoodSync (4), HipChat (3), WinSCP (1), WinRar (1), AutoCad (4), DropBox (4), Slack Machin-Wide Installer (2), MozyHome, Splunk Forwarder (1), FileZilla (1), SnagIt (1), Google Earth (1), CDBurnerXP (1), Tomcat (2), LibreOffice (1) Security Tools: Microsoft (1)
Patch Tuesday Analysis - September 2016
Resources and Webinars Get Shavlik Content Updates Get Social with Shavlik Sign up for next months Patch Tuesday Webinar Watch previous webinars and download presentation.
Thank you

More Related Content

Patch Tuesday Analysis - September 2016

  • 1. Patch Tuesday Webinar Wednesday, September 14th, 2016 Chris Goettl • Product Manager, Shavlik Dial In: 1-855-749-4750 (US) Attendees: 927 265 569
  • 2. Agenda September 2016 Patch Tuesday Overview Known Issues Bulletins Q & A 1 2 3 4
  • 3. Best Practices Privilege Management Mitigates Impact of many exploits High Threat Level vulnerabilities warrant fast rollout. 2 weeks or less is ideal to reduce exposure. User Targeted – Whitelisting and Containerization mitigate
  • 5. Industry News Microsoft announces servicing change for Windows 7, 8.1, and Server 2008 R2, 2012, 2012 R2 • Internet Explorer and OS updates in one of two options: • Security Bundle – Monthly bundle of Security only updates • Cumulative Rollup – Similar to Windows 10 cumulative bundle of Security and Non-Security updates in one package • .Net Rollup – Cumulative Bundle each month that applies. Will update only versions detected, not install new versions. • Flash Player for IE and OS • Office, SharePoint, SQL, Exchange, etc are not affected by the change set for October Adobe updated Flash Player distribution announcement. Sept 29th If you have not already done so, get an Adobe ID and sign up for the distribution agreement.
  • 6. CSWU-030: Cumulative update for Windows 10: September 13, 2016  Maximum Severity: Critical  Affected Products: Windows 10, Edge, Internet Explorer  Description: This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are described in the following Microsoft security bulletins and advisory: MS16-104, MS16-105, MS16-106, MS16-110, MS16-111, MS16-112, MS16-113, MS16-114, MS16-115, MS16-116, MS16-117  Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure  Fixes 43 vulnerabilities:  CVE-2016-3247, CVE-2016-3291, CVE-2016-3292, CVE-2016-3295, CVE-2016-3297, CVE-2016-3324, CVE-2016-3325, CVE-2016- 3351 (Exploited), CVE-2016-3353, CVE-2016-3375, CVE-2016-3247, CVE-2016-3291, CVE-2016-3294, CVE-2016-3295, CVE- 2016-3297, CVE-2016-3325, CVE-2016-3330, CVE-2016-3350, CVE-2016-3351, CVE-2016-3370, CVE-2016-3374, CVE-2016- 3377, CVE-2016-3348, CVE-2016-3349, CVE–2016-3354, CVE–2016-3355, CVE–2016-3356, CVE-2016-3346, CVE-2016-3352, CVE-2016-3368, CVE-2016-3369, CVE-2016-3305, CVE-2016-3306, CVE-2016-3371, CVE-2016-3372, CVE-2016-3373, CVE-2016- 3302, CVE-2016-3344, CVE-2016-3345, CVE-2016-3370, CVE-2016-3374, CVE-2016-3375  Restart Required: Requires Restart
  • 7. MS16-104: Cumulative Security Update for Internet Explorer (3183038)  Maximum Severity: Critical  Affected Products: Internet Explorer  Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.  Impact: Remote Code Execution  Fixes 10 vulnerabilities:  CVE-2016-3247, CVE-2016-3291, CVE-2016-3292, CVE-2016-3295, CVE-2016-3297, CVE-2016-3324, CVE-2016-3325, CVE-2016- 3351 (Exploited), CVE-2016-3353, CVE-2016-3375  Restart Required: Requires Restart
  • 8. MS16-105: Cumulative Security Update for Microsoft Edge (3183043)  Maximum Severity: Critical  Affected Products: Edge  Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.  Impact: Remote Code Execution  Fixes 12 vulnerabilities:  CVE-2016-3247, CVE-2016-3291, CVE-2016-3294, CVE-2016-3295, CVE-2016-3297, CVE-2016-3325, CVE-2016-3330, CVE-2016- 3350, CVE-2016-3351, CVE-2016-3370, CVE-2016-3374, CVE-2016-3377  Restart Required: Requires Restart
  • 9. MS16-106: Security Update for Microsoft Graphics Component (3185848)  Maximum Severity: Critical  Affected Products: Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.  Impact: Remote Code Execution  Fixes 5 vulnerabilities:  CVE-2016-3348, CVE-2016-3349, CVE–2016-3354, CVE–2016-3355, CVE–2016-3356  Restart Required: Requires Restart
  • 10. MS16-107: Security Update for Microsoft Office (3185852)  Maximum Severity: Critical  Affected Products: Office, SharePoint  Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.  Impact: Remote Code Execution  Fixes 13 vulnerabilities:  CVE-2016-0137, CVE-2016-0141, CVE-2016-3357, CVE-2016-3358, CVE-2016-3359, CVE-2016-3360, CVE-2016-3361, CVE-2016- 3362, CVE-2016-3363, CVE-2016-3364, CVE-2016-3365, CVE-2016-3366, CVE-2016-3381  Restart Required: May Require Restart
  • 11. MS16-108: Security Update for Microsoft Exchange Server (3185883)  Maximum Severity: Critical  Affected Products: Exchange  Description: This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow remote code execution in some Oracle Outside In libraries that are built into Exchange Server if an attacker sends an email with a specially crafted attachment to a vulnerable Exchange server.  Impact: Remote Code Execution  Fixes 3 (Microsoft) 18 (Oracle) vulnerabilities:  Microsoft: CVE-2016-0138, CVE-2016-3378, CVE-2016-3379  Oracle Outside In Libraries: CVE-2016-3575, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3595, CVE-2016- 3594, CVE-2015-6014, CVE-2016-3593, CVE-2016-3592, CVE-2016-3596, CVE-2016-3591, CVE-2016-3574, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3590  Restart Required: May Require Restart
  • 12. MS16-116: Security Update in OLE Automation for VBScript Scripting Engine (3188724)  Maximum Severity: Critical  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker successfully convinces a user of an affected system to visit a malicious or compromised website. Note that you must install two updates to be protected from the vulnerability discussed in this bulletin: The update in this bulletin, MS16-116, and the update in MS16-104.  Impact: Remote Code Execution  Fixes 1 vulnerabilities:  CVE-2016-3375  Restart Required: Requires Restart
  • 13. MS16-110: Security Update for Windows (3178467)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker creates a specially crafted request and executes arbitrary code with elevated permissions on a target system.  Impact: Remote Code Execution  Fixes 4 vulnerabilities:  CVE-2016-3346, CVE-2016-3352, CVE-2016-3368, CVE-2016-3369  Restart Required: Requires Restart
  • 14. MS16-117: Security Update for Adobe Flash Player (3188128)  Maximum Severity: Critical  Affected Products: Windows  Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.  Impact: Remote Code Execution  Fixes 26 vulnerabilities:  CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016- 4279, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-4287, CVE-2016-6921, CVE-2016-6922, CVE-2016-6923, CVE-2016-6924, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016- 6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932  Restart Required: Requires Restart
  • 15. APSB16-29: Security updates available for Adobe Flash Player  Maximum Severity: Critical  Affected Products: Windows  Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.  Impact: Remote Code Execution  Fixes 29 vulnerabilities:  CVE-2016-4182, CVE-2016-4237, CVE-2016-4238, CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275, CVE-2016- 4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-4287, CVE-2016-6921, CVE-2016-6922, CVE-2016-6923, CVE-2016-6924, CVE-2016- 6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932  Restart Required: Requires Restart
  • 16. CHROME-179: Google Chrome 53.0.2785.113  Maximum Severity: High  Affected Products: Google Chrome  Description: The stable channel has been updated to 53.0.2785.113 for Windows, Mac, and Linux.  Impact: Remote Code Execution  Fixes 6+ (Google) 29 (Adobe Flash) vulnerabilities:  CVE-2016-5170, CVE-2016-5171, CVE-2016-5172, CVE-2016-5173, CVE-2016-5174, CVE-2016-5175  Restart Required: Browser Restart Required
  • 17. MS16-109: Security Update for Silverlight (3182373)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Silverlight. The vulnerability could allow remote code execution if a user visits a compromised website that contains a specially crafted Silverlight application. An attacker would have no way to force a user to visit a compromised website. Instead, an attacker would have to convince the user to visit the website, typically by enticing the user to click a link in either an email or instant message that takes the user to the attacker's website.  Impact: Remote Code Execution  Fixes 1 vulnerabilities:  CVE-2016-3367  Restart Required: Does not require restart
  • 18. MS16-111: Security Update for Windows Kernel (3186973)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application on a target system.  Impact: Elevation of Privilege  Fixes 5 vulnerabilities:  CVE-2016-3305, CVE-2016-3306, CVE-2016-3371, CVE-2016-3372, CVE-2016-3373  Restart Required: Requires Restart
  • 19. MS16-112: Security Update for Windows Lock Screen (3178469)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if Windows improperly allows web content to load from the Windows lock screen.  Impact: Elevation of Privilege  Fixes 1 vulnerabilities:  CVE-2016-3302  Restart Required: Requires Restart
  • 20. MS16-113: Security Update for Windows Secure Kernel Mode (3185876)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when Windows Secure Kernel Mode improperly handles objects in memory.  Impact: Information Disclosure  Fixes 1 vulnerabilities:  CVE-2016-3344  Restart Required: Requires Restart
  • 21. MS16-114: Security Update for SMBv1 Server (3185879)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. On Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 operating systems, the vulnerability could allow remote code execution if an authenticated attacker sends specially crafted packets to an affected Microsoft Server Message Block 1.0 (SMBv1) Server. The vulnerability does not impact other SMB Server versions. Although later operating systems are affected, the potential impact is denial of service.  Impact: Remote Code Execution  Fixes 1 vulnerabilities:  CVE-2016-3345  Restart Required: Requires Restart
  • 22. MS16-115: Security Update for Microsoft Windows PDF Library (3188733)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow information disclosure if a user views specially crafted PDF content online or opens a specially crafted PDF document.  Impact: Information Disclosure  Fixes 2 vulnerabilities:  CVE-2016-3370, CVE-2016-3374  Restart Required: May Require Restart
  • 23. Between Patch Tuesdays New Product Support: AutoCad Map 3D 20162017, SQL Server 2014 SP2, KeePass ClassicPro MSI Security Updates: KeePass Pro MSI (1), MS16-095 (additional patches released) (1), FireFox (2), Microsoft (3), Skype (1), Thunderbird (1), Opera (1), RealTimes Player (1), Chrome (1), Wireshark (1), GoToMeeting (1), PeaZip (1), MozyHome (1) Non-Security Updates: Microsoft (45), TeamViewer (1), Citrix VDA Core Services, Ccleaner (1), GoodSync (4), HipChat (3), WinSCP (1), WinRar (1), AutoCad (4), DropBox (4), Slack Machin-Wide Installer (2), MozyHome, Splunk Forwarder (1), FileZilla (1), SnagIt (1), Google Earth (1), CDBurnerXP (1), Tomcat (2), LibreOffice (1) Security Tools: Microsoft (1)
  • 25. Resources and Webinars Get Shavlik Content Updates Get Social with Shavlik Sign up for next months Patch Tuesday Webinar Watch previous webinars and download presentation.

Editor's Notes

  1. NEARLY 50% OPEN E-MAILS AND CLICK ON PHISHING LINKS WITHIN THE FIRST HOUR.
  2. Microsoft Announcement: https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/
  3. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Exploited in Wild CVE-2016-3351 User Targeted - Privilege Management Mitigates Impact
  4. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. Ensure that your Internet Explorer version is at the latest for the OS you are installed on. Microsoft is only updating the latest version for each supported OS since January 2016. For details please see: https://support.microsoft.com/en-us/lifecycle#gp/Microsoft-Internet-Explorer Exploited in Wild CVE-2016-3351 User Targeted - Privilege Management Mitigates Impact Known issues with this security update Microsoft is aware of limited issues in which an ActiveX install may fail when using the ActiveX Installer Service (AXIS) with Internet Explorer 10 or Internet Explorer 11.Nonsecurity-related fixes that are included in this security update General distribution release (GDR) fixes Individual updates may not be installed, depending on your version of Windows and the version of the affected application. See the individual articles to determine your update status. 3191335Background image is positioned incorrectly by using inline elements in Internet Explorer 11 or Microsoft Edge 3191336"Permission Denied" script error in Internet Explorer 11 3191337Print image fails on websites by using X-Frame-Options: SAMEORIGIN header in Internet Explorer 11 3191338The getBoundingClientRect() method returns an incorrect value in Internet Explorer 11 3191341"Print all linked documents" doesn't print all linked documents in Internet Explorer 11 Multiple Microsoft Internet Explorer Memory Corruption Vulnerabilities Multiple remote code execution vulnerabilities exist in the way that Internet Explorer accesses objects in memory. The vulnerabilities could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit the vulnerabilities through Internet Explorer, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerabilities. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment. In addition to installing this update are there any further steps I need to carry out to be protected from CVE-2016-3375?  Yes. Although protecting Windows 10 systems from CVE-2016-3375 requires no additional steps other than installing the September Windows 10 cumulative update, for all other affected operating systems installing the 3185319 cumulative update by itself does not fully protect against CVE-2016-3375 — you must also install security update 3184122 in MS16-116 to be fully protected from the vulnerability. I am running Internet Explorer on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2. Does this mitigate these vulnerabilities?  Yes. By default, Internet Explorer on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode that is known as Enhanced Security Configuration. Enhanced Security Configuration is a group of preconfigured settings in Internet Explorer that can reduce the likelihood of a user or administrator downloading and running specially crafted web content on a server. This is a mitigating factor for websites that you have not added to the Internet Explorer Trusted sites zone. Can EMET help mitigate attacks that attempt to exploit these vulnerabilities?  Yes. The Enhanced Mitigation Experience Toolkit (EMET) enables users to manage security mitigation technologies that help make it more difficult for attackers to exploit memory corruption vulnerabilities in a given piece of software. EMET can help mitigate attacks that attempt to exploit these vulnerabilities in Internet Explorer on systems where EMET is installed and configured to work with Internet Explorer.
  5. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. User targeted vulnerabilities – Privilege Management Mitigates Impact Multiple Microsoft Edge Memory Corruption Vulnerabilities Multiple remote code execution vulnerabilities exist in the way that Microsoft Edge handles objects in memory. The vulnerabilities could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerabilities through Microsoft Edge and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the Edge rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerabilities.
  6. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. Multiple Win32k Elevation of Privilege Vulnerabilities Multiple elevation of privilege vulnerabilities exist in the way that certain Windows kernel-mode drivers handle objects in memory. An attacker who successfully exploited these vulnerabilities could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit these vulnerabilities, an attacker would first have to log on to the system. An attacker could then run a specially crafted application to take control of an affected system. The update addresses the vulnerabilities by correcting how certain Windows kernel-mode drivers handle objects in memory. GDI Remote Code Execution Vulnerability – CVE-2016-3356 A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerabilities: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerabilities and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to open an email attachment or click a link in an email or instant message. In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit the vulnerabilities, and then convince users to open the document file.
  7. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. User targeted vulnerabilities – Privilege Management Mitigates Impact Note that where the severity is indicated as Critical in the Affected Software and Vulnerability Severity Ratings table, the Preview Pane is an attack vector for CVE-2016-3357. Multiple Microsoft Office Memory Corruption Vulnerabilities Multiple remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario an attacker could exploit the vulnerabilities by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerabilities. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince them to open the specially crafted file.
  8. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. User Targeted Why is Microsoft issuing a security update for vulnerabilities that are in third-party code, Oracle Outside In libraries?  Microsoft licenses a custom implementation of the Oracle Outside In libraries, specific to the product in which the third-party code is used. Microsoft is issuing this security update to help ensure that all customers using this third-party code in Microsoft Exchange are protected from these vulnerabilities. For more information about these vulnerabilities, see Oracle Critical Patch Update Advisory – July 2016. Microsoft Exchange Information Disclosure Vulnerability – CVE-2016-0138 An information disclosure vulnerability exists in the way that Microsoft Exchange Server parses email messages. The vulnerability could allow an attacker to discover confidential user information that is contained in Microsoft Outlook applications. To exploit the vulnerability, an attacker could use "send as" rights to send a specially crafted message to a user. The security update addresses the vulnerabilities by correcting how Microsoft Exchange parses certain unstructured file formats. Microsoft Exchange Open Redirect Vulnerability – CVE-2016-3378 An open redirect vulnerability exists in Microsoft Exchange that could lead to Spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL, and convince the user to click the link. When an authenticated Exchange user clicks the link, the authenticated user's browser session could be redirected to a malicious site that is designed to impersonate a legitimate website. By doing so, the attacker could trick the user and potentially acquire sensitive information, such as the user's credentials. Microsoft Exchange Elevation of Privilege Vulnerability – CVE-2016-3379 An elevation of privilege vulnerability exists in the way that Microsoft Outlook handles meeting invitation requests. To exploit the vulnerability, an attacker could send a specially crafted Outlook meeting invitation request with malicious cross-site scripting (XSS) capability to a user.
  9. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. Does not apply to Server Core edition User targeted vulnerabilities – Privilege Management Mitigates Impact In addition to installing this update are there any further steps I need to carry out to be protected from CVE-2016-3375?  Yes. Although protecting Windows 10 systems from CVE-2016-3375 requires no additional steps other than installing the September Windows 10 cumulative update, for all other affected operating systems installing the 3184122 security update by itself does not fully protect against CVE-2016-3375 — you must also install Internet Explorer cumulative update 3185319 in MS16-104 to be fully protected from the vulnerability. Scripting Engine Memory Corruption Vulnerability – CVE-2016-3375 A remote code execution vulnerability exists in the way that the Microsoft OLE Automation mechanism and the VBScript Scripting Engine in Internet Explorer access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment. The update, in conjunction with the Internet Explorer update in MS16-104, addresses the vulnerability by modifying how the Microsoft OLE Automation mechanism and the VBScript Scripting Engine in Internet Explorer handle objects in memory.
  10. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. There is a chance that after applying MS16-110 and rebooting MS13-079 could show up as required and will successfully install. So there is an edge case were previously MS13-079 was not applicable before and after applying this update would be applicable. The patch will install successfully. Microsoft Information Disclosure Vulnerability – CVE-2016-3352 An information disclosure vulnerability exists when Windows fails to properly validate NT LAN Manager (NTLM) Single Sign-On (SSO) requests during Microsoft Account (MSA) login sessions. An attacker who successfully exploited the vulnerability could attempt to brute force a user’s NTLM password hash. To exploit the vulnerability, an attacker would have to trick a user into browsing to a malicious website, or to an SMB or UNC path destination, or convince a user to load a malicious document that initiates an NTLM SSO validation request without the consent of the user. To validate MSA NTLM SSO authentication requests properly, it is imperative that Windows client operating system firewall profiles and enterprise perimeter firewalls are configured correctly. If users are connected to the “Guest or public networks” firewall profile it would imply that no enterprise perimeter firewall is present between the user and the Internet. The security update addresses the vulnerability by preventing NTLM SSO authentication to non-private SMB resources when users are signed in to Windows via a Microsoft Account network firewall profile for users who are signed in to Windows via a Microsoft account (https://www.microsoft.com/account) and connected to a “Guest or public networks” firewall profile. An enterprise perimeter firewall can be used to prevent this type of attack. See Knowledge Base Article 3285535 for guidance on configuring an enterprise perimeter firewall.
  11. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. User targeted vulnerabilities How could an attacker exploit these vulnerabilities?  In a web-based attack scenario where the user is using Internet Explorer for the desktop, an attacker could host a specially crafted website that is designed to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit any of these vulnerabilities. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by clicking a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. In a web-based attack scenario where the user is using Internet Explorer in the Windows 8-style UI, an attacker would first need to compromise a website already listed in the Compatibility View (CV) list. An attacker could then host a website that contains specially crafted Flash content designed to exploit any of these vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by clicking a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. For more information about Internet Explorer and the CV List, please see the MSDN Article, Developer Guidance for websites with content for Adobe Flash Player in Windows 8. Workarounds for the following: https://technet.microsoft.com/library/security/MS16-117 Prevent Adobe Flash Player from running Prevent Adobe Flash Player from running in Internet Explorer through Group Policy Prevent Adobe Flash Player from running in Office 2010 on affected systems Prevent ActiveX controls from running in Office 2007 and Office 2010 Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone Add sites that you trust to the Internet Explorer Trusted sites zone
  12. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. User targeted vulnerabilities Updating Flash Player requires updates for Flash Player, IE, Chrome, and Firefox WARNING This page and the download links will be decommissioned on Sep 29, 2016.   If you are downloading Adobe Flash Player for your personal use, please visit get.adobe.com/flashplayer.   Organizations that distribute Adobe Flash Player internally must have a valid license and AdobeID to download and distribute Flash Player binaries. Instructions and further details on obtaining a distribution license are available at the Adobe Flash Player Distribution Page.
  13. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. User Targeted
  14. Shavlik Priority: Shavlik rates this bulletin as a Important. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks. User targeted vulnerabilities – Privilege Management Mitigates Impact Microsoft Silverlight Memory Corruption Vulnerability - CVE-2016-3367 A remote code execution vulnerability exists when Microsoft Silverlight improperly allows applications to access objects in memory. The vulnerability could corrupt system memory, which could allow an attacker to execute arbitrary code. In a web-browsing scenario, an attacker who successfully exploited this vulnerability could obtain the same permissions as the currently logged-on user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability, an attacker could host a website that contains a specially crafted Silverlight application and then convince a user to visit the compromised website. The attacker could also take advantage of websites containing specially crafted content, including those that accept or host user-provided content or advertisements. For example, an attacker could display specially crafted web content by using banner advertisements or by using other methods to deliver web content to affected systems. However, in all cases an attacker would have no way to force a user to visit a compromised website. Instead, an attacker would have to convince a user to visit the website, typically by enticing the user to click a link in either an email or instant message. The update addresses the vulnerability by correcting how Microsoft Silverlight allocates memory for inserting and appending strings in StringBuilder.
  15. Shavlik Priority: Shavlik rates this bulletin as a Important. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks. Multiple Windows Session Object Elevation of Privilege Vulnerabilities Multiple Windows session object elevation of privilege vulnerabilities exist in the way that Windows handles session objects. A locally authenticated attacker who successfully exploited the vulnerabilities could hijack the session of another user. To exploit the vulnerabilities the attacker could run a specially crafted application. The update corrects how Windows handles session objects to prevent user session hijacking. Windows Kernel Elevation of Privilege Vulnerability – CVE-2016-3372 An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality. To exploit the vulnerability a locally-authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly enforces permissions. Windows Kernel Elevation of Privilege Vulnerability –CVE-2016-3373 An elevation of privilege vulnerability exists when the Windows Kernel API improperly allows a user to access sensitive registry information. An attacker who successfully exploited the vulnerability could gain access to user account information that is not intended for the user. A locally-authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API correctly restricts access to user account information.
  16. Shavlik Priority: Shavlik rates this bulletin as a Important. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks. Windows Lock Screen Elevation of Privilege Vulnerability – CVE-2016-3302 An elevation of privilege vulnerability exists when Windows improperly allows web content to load from the Windows lock screen. To exploit the vulnerability, an attacker with physical access to a user’s computer could either connect to a maliciously configured WiFi hotspot or insert a mobile broadband adaptor in the user’s computer. An attacker who successfully exploited the vulnerability could potentially execute code on a user's locked computer. However, the attacker would have no way to either force a user to connect to the hotspot or control the default browser selection on the user’s computer. The security update addresses the vulnerability by correcting the behavior of the Windows lock screen to prevent unintended web content from loading.
  17. Shavlik Priority: Shavlik rates this bulletin as a Important. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks. Windows Secure Kernel Mode Information Disclosure Vulnerability – CVE-2016-3344 An information disclosure vulnerability exists in Windows when Windows Secure Kernel Mode improperly handles objects in memory. A locally-authenticated attacker could attempt to exploit the vulnerability by running a specially crafted application on a targeted system. Note that the information disclosure vulnerability alone would not be sufficient for an attacker to compromise a system, but would have to be combined with additional vulnerabilities to further exploit the system. The security update addresses the vulnerability by correcting how Windows handles objects in memory to prevent information disclosure.
  18. Shavlik Priority: Shavlik rates this bulletin as a Important. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks. Windows SMB Authenticated Remote Code Execution Vulnerability – CVE-2016-3345 For Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 operating systems a remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) Server handles certain requests when an authenticated attacker sends specially crafted packets to the SMBv1 server. The vulnerability does not impact other SMB Server versions. On later operating systems an attacker who successfully exploited this vulnerability could cause the affected system to stop responding until it is manually restarted. To exploit the vulnerability an attacker would first need to authenticate to the SMBv1 Server and have permission to open files on the target server before attempting the attack. What versions of SMB are impacted by this vulnerability?  This vulnerability affects only SMBv1.
  19. Shavlik Priority: Shavlik rates this bulletin as a Important. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks. User Targeted Multiple PDF Library Information Disclosure Vulnerabilities Multiple information disclosure vulnerabilities exist in the way that the Windows PDF Library handles objects in memory. An attacker who successfully exploited the vulnerabilities could obtain information to further compromise a target system. In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerabilities. Additionally, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could be used to exploit the vulnerabilities. However, in all cases an attacker would have no way to force users to view attacker-controlled content. Instead, an attacker would have to convince users to take action. For example, an attacker could trick users into clicking a link that takes them to the attacker's site. The update addresses the vulnerabilities by correcting how certain functions handle objects in memory.
  20. Sign up for Content Announcements: Email http://www.shavlik.com/support/xmlsubscribe/ RSS http://protect7.shavlik.com/feed/ Twitter @ShavlikXML Follow us on: Shavlik on LinkedIn Twitter @ShavlikProtect Shavlik blog -> www.shavlik.com/blog Chris Goettl on LinkedIn Twitter @ChrisGoettl Sign up for webinars or download presentations and watch playbacks: http://www.shavlik.com/webinars/