Patch Tuesday Webinar
Wednesday, July 14th, 2016
Chris Goettl
• Product Manager, Shavlik
Dial In: 1-855-749-4750 (US)
Attendees: 921 436 955
Agenda
1. July 2016 Patch Tuesday Overview
2. Known Issues
3. Bulletins
4. Q & A
Best Practices
• Privilege Management: Mitigates Impact of many exploits
• High Threat Level vulnerabilities warrant fast rollout. 2 weeks or less is ideal to reduce exposure.
• User Targeted – Whitelisting and Containerization mitigate
“23% OF RECIPIENTS NOW OPEN PHISHING MESSAGES AND 11% CLICK ON ATTACHMENTS.”
Verizon 2015 Data Breach Investigations Report, http://www.verizonenterprise.com/DBIR/2015/
The weakest link
Definition: User Targeted
A vulnerability that cannot be exploited except by means of convincing a user
to take an action. These often take the form of phishing attacks, targeted web
content or documents designed to exploit the vulnerability.
[Chart: Bulletin Count and User Targeted, by month, January through June]
Mitigate Impact
Privilege Management Reduces Impact: A vulnerability that, when exploited, allows the attacker to operate in the context of the current user. Reducing user privileges reduces the attacker's ability to operate, thereby slowing their ability to move around your environment.
[Chart: Bulletin Count and Privilege Management Reduces Impact, by month, January through June]
News –
• Server 2003 End of Life Anniversary July 14th 2016
• Windows 10 Anniversary Release (Build 1607) coming on August 2nd
• Shavlik Protect 9.2 support for Windows 10 Branch Upgrades
• Shavlik Protect 9.2 Update 3 released including 20 bug fixes
• Shavlik Protect 9.0 and 9.1 End of Life coming this fall and winter
CSWU-026: Cumulative update for Windows 10: July 12, 2016
• Maximum Severity: Critical
• Affected Products: Windows 10, Edge, Internet Explorer, .NET Framework, Flash for IE
• Description: This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are described in the following Microsoft security bulletins and advisory: MS16-084, MS16-085, MS16-087, MS16-089, MS16-090, MS16-091, MS16-092, MS16-093, MS16-094
• Impact: Remote Code Execution, Elevation of Privilege
• Fixes 33 vulnerabilities: CVE-2016-3238, CVE-2016-3239, CVE-2016-3204, CVE-2016-3240, CVE-2016-3241, CVE-2016-3242, CVE-2016-3243, CVE-2016-3244, CVE-2016-3245, CVE-2016-3246, CVE-2016-3248, CVE-2016-3249, CVE-2016-3250, CVE-2016-3251, CVE-2016-3252, CVE-2016-3254, CVE-2016-3286, CVE-2016-3256, CVE-2016-3259, CVE-2016-3260, CVE-2016-3261, CVE-2016-3264, CVE-2016-3265, CVE-2016-3269, CVE-2016-3271, CVE-2016-3273, CVE-2016-3274, CVE-2016-3276, CVE-2016-3277, CVE-2016-3255, CVE-2016-3258, CVE-2016-3272, CVE-2016-3287
• Restart Required: Requires Restart
MS16-084: Cumulative Security Update for Internet Explorer (3169991)
• Maximum Severity: Critical
• Affected Products: Internet Explorer
• Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
• Impact: Remote Code Execution
• Fixes 15 vulnerabilities: CVE-2016-3204, CVE-2016-3240, CVE-2016-3241, CVE-2016-3242, CVE-2016-3243, CVE-2016-3245, CVE-2016-3248, CVE-2016-3259, CVE-2016-3260, CVE-2016-3261, CVE-2016-3264, CVE-2016-3273, CVE-2016-3274, CVE-2016-3276, CVE-2016-3277
• Restart Required: Requires Restart
MS16-085: Cumulative Security Update for Microsoft Edge (3169999)
• Maximum Severity: Critical
• Affected Products: Edge
• Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.
• Impact: Remote Code Execution
• Fixes 13 vulnerabilities: CVE-2016-3244, CVE-2016-3246, CVE-2016-3248, CVE-2016-3259, CVE-2016-3260, CVE-2016-3264, CVE-2016-3265, CVE-2016-3269, CVE-2016-3271, CVE-2016-3273, CVE-2016-3274, CVE-2016-3276, CVE-2016-3277
• Restart Required: Requires Restart
MS16-086: Cumulative Security Update for JScript and VBScript (3169996)
• Maximum Severity: Critical
• Affected Products: Windows
• Description: This security update resolves a vulnerability in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
• Impact: Remote Code Execution
• Fixes 1 vulnerability: CVE-2016-3204
• Restart Required: May Require Restart
MS16-087: Security Update for Windows Print Spooler Components (3170005)
• Maximum Severity: Critical
• Affected Products: Windows
• Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker is able to execute a man-in-the-middle (MiTM) attack on a workstation or print server, or set up a rogue print server on a target network.
• Impact: Remote Code Execution
• Fixes 2 vulnerabilities: CVE-2016-3238, CVE-2016-3239
• Restart Required: May Require Restart
MS16-088: Security Update for Microsoft Office (3170008)
• Maximum Severity: Critical
• Affected Products: Office, SharePoint
• Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
• Impact: Remote Code Execution
• Fixes 7 vulnerabilities: CVE-2016-3278, CVE-2016-3279, CVE-2016-3280, CVE-2016-3281, CVE-2016-3282, CVE-2016-3283, CVE-2016-3284
• Restart Required: May Require Restart
MS16-093: Security Update for Adobe Flash Player (3174060)
• Maximum Severity: Critical
• Affected Products: Flash Player for Internet Explorer
• Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows RT 8.1, Windows Server 2012 R2, and Windows 10.
• Impact: Remote Code Execution
• Fixes 52 vulnerabilities: CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249
• Restart Required: Requires Restart
APSB16-25: Security updates available for Adobe Flash Player
• Maximum Severity: Priority 1
• Affected Products: Adobe Flash Player
• Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
• Impact: Remote Code Execution
• Fixes 52 vulnerabilities: CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249
• Restart Required:
MS16-092: Security Update for Windows Kernel (3171910)
• Maximum Severity: Important
• Affected Products: Windows
• Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow security feature bypass if the Windows kernel fails to determine how a low integrity application can use certain object manager features.
• Impact: Security Feature Bypass
• Fixes 2 vulnerabilities: CVE-2016-3258, CVE-2016-3272 (Publicly Disclosed)
• Restart Required: Requires Restart
MS16-094: Security Update for Secure Boot (3177404)
• Maximum Severity: Important
• Affected Products: Windows
• Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow Secure Boot security features to be bypassed if an attacker installs an affected policy on a target device. An attacker must have either administrative privileges or physical access to install a policy and bypass Secure Boot.
• Impact: Security Feature Bypass
• Fixes 1 vulnerability: CVE-2016-3287 (Publicly Disclosed)
• Restart Required: Requires Restart
MS16-089: Security Update for Windows Secure Kernel Mode (3170050)
• Maximum Severity: Important
• Affected Products: Windows
• Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when Windows Secure Kernel Mode improperly handles objects in memory.
• Impact: Information Disclosure
• Fixes 1 vulnerability: CVE-2016-3256
• Restart Required: Requires Restart
MS16-090: Security Update for Windows Kernel-Mode Drivers (3171481)
• Maximum Severity: Important
• Affected Products: Windows
• Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.
• Impact: Elevation of Privilege
• Fixes 6 vulnerabilities: CVE-2016-3249, CVE-2016-3250, CVE-2016-3251, CVE-2016-3252, CVE-2016-3254, CVE-2016-3286
• Restart Required: Requires Restart
MS16-091: Security Update for .NET Framework (3170048)
• Maximum Severity: Important
• Affected Products: .NET Framework
• Description: This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could cause information disclosure if an attacker uploads a specially crafted XML file to a web-based application.
• Impact: Information Disclosure
• Fixes 1 vulnerability: CVE-2016-3255
• Restart Required: May Require Restart
APSB16-26: Security updates available for Adobe Acrobat and Reader
• Maximum Severity: Priority 2
• Affected Products: Adobe Acrobat and Reader
• Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker with access to a domain controller (DC) on a target network runs a specially crafted application to establish a secure channel to the DC as a replica domain controller.
• Impact: Remote Code Execution
• Fixes 30 vulnerabilities: CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4209, CVE-2016-4210, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4215, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4255
• Restart Required:
Between Patch Tuesdays
New Product Support: Apache Tomcat 8.5, SQL Server 2016 x64, XMind, Windows 10 1511 Deployment
Security Updates: Microsoft (1), Chrome (2), Flash Player (1), Adobe AIR (1), Pidgin (1), Skype (2), Tomcat (1), LibreOffice (1), Firefox (1), Foxit Reader (2), FileZilla (1), Opera (1), Thunderbird (1)
Non-Security Updates: Microsoft (38), BoxSync (1), CCleaner (1), CDBurner XP (1), GoToMeeting (1), Dropbox (2), RealVNC (1), Tomcat (1), Citrix VDA Core Services (2), Foxit Phantom PDF (2), GoodSync (2), PDFCreator (1), Slack Machine-Wide Installer (1), XMind (1), PSPad (1), Citrix XenApp (1), HipChat (1), TeamViewer (1), TightVNC (1)
Security Tools:
Resources and Webinars
Get Shavlik Content Updates
Get Social with Shavlik
Sign up for next month's Patch Tuesday Webinar
Watch previous webinars and download presentation.
Thank you

Patch Tuesday Analysis - July 2016

  • 1. Patch Tuesday Webinar Wednesday, July 14th, 2016 Chris Goettl • Product Manager, Shavlik Dial In: 1-855-749-4750 (US) Attendees: 921 436 955
  • 2. Agenda July 2016 Patch Tuesday Overview Known Issues Bulletins Q & A 1 2 3 4
  • 3. Best Practices Privilege Management Mitigates Impact of many exploits High Threat Level vulnerabilities warrant fast rollout. 2 weeks or less is ideal to reduce exposure. User Targeted – Whitelisting and Containerization mitigate
  • 4.
  • 5. OF RECIPIENTS NOW OPEN PHISHING MESSAGES AND 11% CLICK ON ATTACHMENTS. 23%“ Verizon 2015 Data Breach Investigations Report http://www.verizonenterprise.com/DBIR/2015/”
  • 6. The weakest link Definition: User Targeted A vulnerability that cannot be exploited except by means of convincing a user to take an action. These often take the form of phishing attacks, targeted web content or documents designed to exploit the vulnerability. 0 2 4 6 8 10 12 14 16 18 January February March April May June Bulletin Count User Targeted
  • 7. Mitigate Impact A vulnerability that when exploited allows the attacker to operate in the context of the current user. Reducing user privileges reduces the attackers ability to operate thereby slowing their ability to move around your environment. 0 2 4 6 8 10 12 14 16 18 January February March April May June Bulletin Count Privilege Management Reduces Impact Privilege Management Reduces Impact:
  • 8.
  • 9.
  • 10.
  • 11. News – • Server 2003 End of Life Anniversary July 14th 2016 • Windows 10 Anniversary Release (Build 1607) coming on August 2nd • Shavlik Protect 9.2 support for Windows 10 Branch Upgrades • Shavlik Protect 9.2 Update 3 released including 20 bug fixes • Shavlik Protect 9.0 and 9.1 End of Life coming this fall and winter
  • 12. CSWU-026: Cumulative update for Windows 10: July 12, 2016  Maximum Severity: Critical  Affected Products: Windows 10, Edge, Internet Explorer, .Net Framework, Flash for IE  Description: This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are described in the following Microsoft security bulletins and advisory: MS16-084, MS16-085, MS16-087, MS16-089, MS16-090, MS16-091, MS16-092, MS16-093, MS16-094  Impact: Remote Code Execution, Elevation of Privilege,  Fixes 33 vulnerabilities:  CVE-2016-3238, CVE-2016-3239, CVE-2016-3204, CVE-2016-3240, CVE-2016-3241, CVE-2016-3242, CVE-2016-3243, CVE-2016- 3244, CVE-2016-3245, CVE-2016-3246, CVE-2016-3248, CVE-2016-3249, CVE-2016-3250, CVE-2016-3251, CVE-2016-3252, CVE-2016-3254, CVE-2016-3286, CVE-2016-3256, CVE-2016-259, CVE-2016-3260, CVE-2016-3261, CVE-2016-3264, CVE-2016- 3265, CVE-2016-3269, CVE-2016-3271, CVE-2016-3273, CVE-2016-3274, CVE-2016-3276, CVE-2016-3277, CVE-2016-3255, CVE-2016-3258, CVE-2016-3272, CVE-2016-3287  Restart Required: Requires Restart
  • 13. MS16-084: Cumulative Security Update for Internet Explorer (3169991)
      • Maximum Severity: Critical
      • Affected Products: Internet Explorer
      • Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
      • Impact: Remote Code Execution
      • Fixes 15 vulnerabilities: CVE-2016-3204, CVE-2016-3240, CVE-2016-3241, CVE-2016-3242, CVE-2016-3243, CVE-2016-3245, CVE-2016-3248, CVE-2016-3259, CVE-2016-3260, CVE-2016-3261, CVE-2016-3264, CVE-2016-3273, CVE-2016-3274, CVE-2016-3276, CVE-2016-3277
      • Restart Required: Requires Restart
  • 14. MS16-085: Cumulative Security Update for Microsoft Edge (3169999)
      • Maximum Severity: Critical
      • Affected Products: Edge
      • Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.
      • Impact: Remote Code Execution
      • Fixes 13 vulnerabilities: CVE-2016-3244, CVE-2016-3246, CVE-2016-3248, CVE-2016-3259, CVE-2016-3260, CVE-2016-3264, CVE-2016-3265, CVE-2016-3269, CVE-2016-3271, CVE-2016-3273, CVE-2016-3274, CVE-2016-3276, CVE-2016-3277
      • Restart Required: Requires Restart
  • 15. MS16-086: Cumulative Security Update for JScript and VBScript (3169996)
      • Maximum Severity: Critical
      • Affected Products: Windows
      • Description: This security update resolves a vulnerability in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
      • Impact: Remote Code Execution
      • Fixes 1 vulnerability: CVE-2016-3204
      • Restart Required: May Require Restart
  • 16. MS16-087: Security Update for Windows Print Spooler Components (3170005)
      • Maximum Severity: Critical
      • Affected Products: Windows
      • Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker is able to execute a man-in-the-middle (MiTM) attack on a workstation or print server, or set up a rogue print server on a target network.
      • Impact: Remote Code Execution
      • Fixes 2 vulnerabilities: CVE-2016-3238, CVE-2016-3239
      • Restart Required: May Require Restart
  • 17. MS16-088: Security Update for Microsoft Office (3170008)
      • Maximum Severity: Critical
      • Affected Products: Office, SharePoint
      • Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
      • Impact: Remote Code Execution
      • Fixes 7 vulnerabilities: CVE-2016-3278, CVE-2016-3279, CVE-2016-3280, CVE-2016-3281, CVE-2016-3282, CVE-2016-3283, CVE-2016-3284
      • Restart Required: May Require Restart
  • 18. MS16-093: Security Update for Adobe Flash Player (3174060)
      • Maximum Severity: Critical
      • Affected Products: Flash Player for Internet Explorer
      • Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows RT 8.1, Windows Server 2012 R2, and Windows 10.
      • Impact: Remote Code Execution
      • Fixes 52 vulnerabilities: CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249
      • Restart Required: Requires Restart
  • 19. APSB16-25: Security updates available for Adobe Flash Player
      • Maximum Severity: Priority 1
      • Affected Products: Adobe Flash Player
      • Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
      • Impact: Remote Code Execution
      • Fixes 52 vulnerabilities: CVE-2016-4172, CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, CVE-2016-4246, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249
      • Restart Required:
  • 20. MS16-092: Security Update for Windows Kernel (3171910)
      • Maximum Severity: Important
      • Affected Products: Windows
      • Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow security feature bypass if the Windows kernel fails to determine how a low integrity application can use certain object manager features.
      • Impact: Security Feature Bypass
      • Fixes 2 vulnerabilities: CVE-2016-3258, CVE-2016-3272 (Publicly Disclosed)
      • Restart Required: Requires Restart
  • 21. MS16-094: Security Update for Secure Boot (3177404)
      • Maximum Severity: Important
      • Affected Products: Windows
      • Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow Secure Boot security features to be bypassed if an attacker installs an affected policy on a target device. An attacker must have either administrative privileges or physical access to install a policy and bypass Secure Boot.
      • Impact: Security Feature Bypass
      • Fixes 1 vulnerability: CVE-2016-3287 (Publicly Disclosed)
      • Restart Required: Requires Restart
  • 22. MS16-089: Security Update for Windows Secure Kernel Mode (3170050)
      • Maximum Severity: Important
      • Affected Products: Windows
      • Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when Windows Secure Kernel Mode improperly handles objects in memory.
      • Impact: Information Disclosure
      • Fixes 1 vulnerability: CVE-2016-3256
      • Restart Required: Requires Restart
  • 23. MS16-090: Security Update for Windows Kernel-Mode Drivers (3171481)
      • Maximum Severity: Important
      • Affected Products: Windows
      • Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.
      • Impact: Elevation of Privilege
      • Fixes 6 vulnerabilities: CVE-2016-3249, CVE-2016-3250, CVE-2016-3251, CVE-2016-3252, CVE-2016-3254, CVE-2016-3286
      • Restart Required: Requires Restart
  • 24. MS16-091: Security Update for .NET Framework (3170048)
      • Maximum Severity: Important
      • Affected Products: .Net Framework
      • Description: This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could cause information disclosure if an attacker uploads a specially crafted XML file to a web-based application.
      • Impact: Information Disclosure
      • Fixes 1 vulnerability: CVE-2016-3255
      • Restart Required: May Require Restart
  • 25. APSB16-26: Security updates available for Adobe Acrobat and Reader
      • Maximum Severity: Priority 2
      • Affected Products: Adobe Acrobat and Reader
      • Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker with access to a domain controller (DC) on a target network runs a specially crafted application to establish a secure channel to the DC as a replica domain controller.
      • Impact: Remote Code Execution
      • Fixes 30 vulnerabilities: CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4209, CVE-2016-4210, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4215, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4255
      • Restart Required:
  • 26. Between Patch Tuesdays
      • New Product Support: Apache Tomcat 8.5, SQL Server 2016 x64, XMind, Windows 10 1511 Deployment
      • Security Updates: Microsoft (1), Chrome (2), Flash Player (1), Adobe AIR (1), Pidgin (1), Skype (2), Tomcat (1), LibreOffice (1), Firefox (1), Foxit Reader (2), FileZilla (1), Opera (1), Thunderbird (1)
      • Non-Security Updates: Microsoft (38), BoxSync (1), CCleaner (1), CDBurner XP (1), GoToMeeting (1), DropBox (2), RealVNC (1), Tomcat (1), Citrix VDA Core Services (2), Foxit Phantom PDF (2), GoodSync (2), PDFCreator (1), Slack Machine-Wide Installer (1), XMind (1), PSPad (1), Citrix XenApp (1), HipChat (1), TeamViewer (1), TightVNC (1)
      • Security Tools:
  • 27.
  • 28. Resources and Webinars
      • Get Shavlik Content Updates
      • Get Social with Shavlik
      • Sign up for next month's Patch Tuesday Webinar
      • Watch previous webinars and download presentation.

Editor's Notes

  1. NEARLY 50% OPEN E-MAILS AND CLICK ON PHISHING LINKS WITHIN THE FIRST HOUR.
  2. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. User Targeted - Privilege Management Mitigates Impact
  3. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. Ensure that your Internet Explorer version is at the latest for the OS you are installed on. Microsoft is only updating the latest version for each supported OS since January 2016. For details please see: https://support.microsoft.com/en-us/lifecycle#gp/Microsoft-Internet-Explorer User Targeted - Privilege Management Mitigates Impact Multiple Microsoft Internet Explorer Memory Corruption Vulnerabilities Remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. The vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit the vulnerabilities through Internet Explorer, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerabilities. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by an enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email. The update addresses the vulnerabilities by modifying how Internet Explorer handles objects in memory.
  4. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. User targeted vulnerabilities – Privilege Management Mitigates Impact Microsoft Edge Security Feature Bypass – CVE-2016-3244 A security feature bypass exists when Microsoft Edge does not properly implement Address Space Layout Randomization (ASLR). The vulnerability could allow an attacker to bypass the ASLR security feature, after which the attacker could load additional malicious code in the process in an attempt to exploit another vulnerability. An attacker who successfully exploited this vulnerability could bypass the ASLR security feature, which protects users from a broad class of vulnerabilities. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability that could take advantage of the ASLR bypass to run arbitrary code. In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have no way to force users to visit a specially crafted website. Instead, an attacker would have to convince users to take action. For example, an attacker could trick users into clicking a link that takes them to the attacker's site. The update addresses the vulnerability by helping to ensure that Microsoft Edge properly implements ASLR.
  5. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. User Targeted - Privilege Management Mitigates Impact Scripting Engine Memory Corruption Vulnerability - CVE-2016-3204 A remote code execution vulnerability exists in the way that the JScript and VBScript engines render when handling objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The update addresses the vulnerability by modifying how the JScript and VBScript scripting engines handle objects in memory.
  6. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. Windows Print Spooler Remote Code Execution Vulnerability - CVE-2016-3238 A remote code execution vulnerability exists when the Windows Print Spooler service does not properly validate print drivers while installing a printer from servers. An attacker who successfully exploited this vulnerability could use it to execute arbitrary code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit this vulnerability, an attacker must be able to execute a man-in-the-middle (MiTM) attack on a workstation or print server, or set up a rogue print server on a target network. The update addresses the vulnerability by issuing a warning to users who attempt to install untrusted printer drivers.
  7. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. User Targeted - Privilege Management Mitigates Impact Multiple Microsoft Office Memory Corruption Vulnerabilities Multiple remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario an attacker could exploit the vulnerabilities by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerabilities. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince them to open the specially crafted file. Note that where the severity is indicated as Critical in the Affected Software and Vulnerability Severity Ratings table, the Preview Pane is an attack vector for CVE-2016-3280, CVE-2016-3281, and CVE-2016-3282. 
The security update addresses the vulnerabilities by correcting how Office handles objects in memory.
  8. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release.
  9. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. User Targeted
  10. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. Windows Kernel Information Disclosure Vulnerability – (Publicly Disclosed) CVE-2016-3272 An information disclosure vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle certain page fault system calls. An authenticated attacker who successfully exploited this vulnerability could disclose information from one process to another. To exploit the vulnerability, an attacker would have to either log on locally to an affected system, or convince a locally authenticated user to execute a specially crafted application. The update addresses this vulnerability by correcting how the Windows kernel handles certain page fault system calls.
  11. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. To fully patch Flash Player you need to update the Player and plug-ins in all browsers. This could mean 4 updates for Flash, Flash for IE, Flash for Firefox, and Chrome.
  12. Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks. Windows Secure Kernel Mode Information Disclosure Vulnerability – CVE-2016-3256 An information disclosure vulnerability exists when Windows Secure Kernel Mode improperly handles objects in memory. A locally-authenticated attacker who successfully exploited this vulnerability could be able to read sensitive information on the target system. To exploit this vulnerability, an attacker could run a specially crafted application on the target system. Note that the information disclosure vulnerability by itself would not be sufficient for an attacker to compromise a system. However, an attacker could combine this vulnerability with additional vulnerabilities to further exploit the system. The update addresses the vulnerability by correcting how Windows Secure Kernel Mode handles objects in memory.
  13. Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks. Multiple Win32k Elevation of Privilege Vulnerabilities Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit these vulnerabilities, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerabilities and take control of an affected system. The update addresses these vulnerabilities by correcting how the Windows kernel-mode driver handles objects in memory.
  14. Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks. .NET Information Disclosure Vulnerability - CVE-2016-3255 An information disclosure vulnerability exists when .NET Framework improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity declaration. To exploit the vulnerability, an attacker could create specially crafted XML data and induce an application to parse and validate the XML data. For example, an attacker could create an XML file and upload it to a web-based application. The update addresses the vulnerability by modifying the way that the XML External Entity (XXE) parser parses XML input.
  15. Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks.
  16. Sign up for Content Announcements:
      • Email: http://www.shavlik.com/support/xmlsubscribe/
      • RSS: http://protect7.shavlik.com/feed/
      • Twitter: @ShavlikXML
      Follow us on:
      • Shavlik on LinkedIn
      • Twitter: @ShavlikProtect
      • Shavlik blog -> www.shavlik.com/blog
      • Chris Goettl on LinkedIn
      • Twitter: @ChrisGoettl
      Sign up for webinars or download presentations and watch playbacks: http://www.shavlik.com/webinars/
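
Note 14 above describes an information disclosure in .NET Framework caused by XML input that references an external entity (CVE-2016-3255), reached when an application parses uploaded XML. The following is an added example, not code from the webinar or from Microsoft: it shows an application refusing DTDs and external resolution when it parses untrusted XML, as a layer alongside installing the update. The names `SafeXml` and `TryLoad` and both sample documents are constructed for illustration.

```csharp
using System;
using System.IO;
using System.Xml;

// Added example: application-side hardening for code that parses untrusted XML.
// SafeXml and TryLoad are hypothetical names, not part of any Shavlik or
// Microsoft sample.
public static class SafeXml
{
    // Reader settings that reject any DOCTYPE (so no entity declarations are
    // ever processed) and carry no resolver (so nothing external is fetched).
    public static XmlReaderSettings HardenedSettings()
    {
        return new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit,
            XmlResolver = null
        };
    }

    // Loads untrusted XML text. Returns false with the parser's message when
    // the document is malformed or contains a DTD.
    public static bool TryLoad(string xml, out XmlDocument doc, out string error)
    {
        error = null;
        doc = new XmlDocument { XmlResolver = null };
        try
        {
            using (var text = new StringReader(xml))
            using (var reader = XmlReader.Create(text, HardenedSettings()))
            {
                doc.Load(reader);
            }
            return true;
        }
        catch (XmlException ex)
        {
            doc = null;
            error = ex.Message;
            return false;
        }
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample 1: ordinary upload with no DTD.
        string plain = "<order><id>42</id></order>";

        // Constructed sample 2: declares an external entity. The SYSTEM
        // identifier is a placeholder path, and it is never resolved because
        // the reader stops at the DOCTYPE.
        string withEntity =
            "<?xml version=\"1.0\"?>" +
            "<!DOCTYPE order [<!ENTITY ext SYSTEM \"file:///placeholder/path\">]>" +
            "<order><id>&ext;</id></order>";

        foreach (var sample in new[] { plain, withEntity })
        {
            XmlDocument doc;
            string error;
            if (SafeXml.TryLoad(sample, out doc, out error))
            {
                Console.WriteLine("accepted: " + doc.DocumentElement.OuterXml);
            }
            else
            {
                // Log the rejection so repeated DTD-bearing uploads are visible.
                Console.WriteLine("rejected: " + error);
            }
        }
    }
}
```

The first sample is accepted and the second is rejected with an `XmlException` raised at the DOCTYPE. Rejections of this kind are worth logging per client, since legitimate uploads to most web applications never carry a DTD.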