3. Best Practices
Privilege Management Mitigates Impact of many exploits
High Threat Level vulnerabilities warrant fast rollout. 2 weeks or less is ideal to reduce exposure.
User Targeted – Whitelisting and Containerization mitigate
9. MS16-129: Cumulative Security Update for Microsoft Edge (3199057)
Maximum Severity: Critical
Affected Products: Edge
Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote
code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities
could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system
could be less impacted than users with administrative user rights.
Impact: Remote Code Execution
Fixes 17 vulnerabilities:
CVE-2016-7195, CVE-2016-7196, CVE-2016-7198, CVE-2016-7199 (Publicly Disclosed), CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7204, CVE-2016-7208, CVE-2016-7209 (Publicly Disclosed), CVE-2016-7227, CVE-2016-7239, CVE-2016-7240, CVE-2016-7241, CVE-2016-7242, CVE-2016-7243
Restart Required: Requires Restart
10. MS16-130: Security Update for Microsoft Windows (3199172)
Maximum Severity: Critical
Affected Products: Windows
Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow
remote code execution if a locally authenticated attacker runs a specially crafted application.
Impact: Remote Code Execution
Fixes 3 vulnerabilities:
CVE-2016-7212, CVE-2016-7221, CVE-2016-7222
Restart Required: Requires Restart
11. MS16-131: Security Update for Microsoft Video Control (3199151)
Maximum Severity: Critical
Affected Products: Windows
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution
when Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run
arbitrary code in the context of the current user. However, an attacker must first convince a user to open either a specially crafted file or a
program from either a webpage or an email message.
Impact: Remote Code Execution
Fixes 1 vulnerability:
CVE-2016-7248
Restart Required: Requires Restart
12. MS16-132: Security Update for Microsoft Graphics Component (3199120)
Maximum Severity: Critical
Affected Products: Windows
Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could
allow remote code execution when the Windows Animation Manager improperly handles objects in memory if a user
visits a malicious webpage. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or
create new accounts with full user rights.
Impact: Remote Code Execution
Fixes 4 vulnerabilities:
CVE-2016-7205, CVE-2016-7210, CVE-2016-7217, CVE-2016-7256 (Exploited)
Restart Required: May Require Restart
13. MS16-135: Security Update for Windows Kernel-Mode Drivers (3199135)
Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution
if Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run
arbitrary code in the context of the current user. However, an attacker must first convince a user to open either a specially crafted file or a
program from either a webpage or an email message.
Impact: Elevation of Privilege
Fixes vulnerabilities:
CVE-2016-7214, CVE-2016-7215, CVE-2016-7218, CVE-2016-7246, CVE-2016-7255 (Publicly Disclosed, Exploited)
Restart Required: Requires Restart
14. MS16-141: Security Update for Adobe Flash Player (3202790)
Maximum Severity: Critical
Affected Products: Adobe Flash Player Plug-In for IE
Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows
8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
Impact: Remote Code Execution
Fixes 9 vulnerabilities:
CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860, CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864, CVE-2016-7865
Restart Required: Requires Restart
15. MS16-142: Cumulative Security Update for Internet Explorer (3198467)
Maximum Severity: Critical
Affected Products: Internet Explorer
Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow
remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the
vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker
could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with
full user rights.
Impact: Remote Code Execution
Fixes 7 vulnerabilities:
CVE-2016-7239, CVE-2016-7227, CVE-2016-7198, CVE-2016-7199 (Publicly Disclosed), CVE-2016-7195, CVE-2016-7196, CVE-2016-7241
Restart Required: Requires Restart
16. APSB16-37: Security updates available for Adobe Flash Player
Maximum Severity: Critical
Affected Products: Adobe Flash Player
Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These
updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
Impact: Remote Code Execution
Fixes 9 vulnerabilities:
CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860, CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864, CVE-2016-7865
Restart Required: Requires Restart
17. MS16-133: Security Update for Microsoft Office (3199168)
Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow
elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities
and take control of an affected system.
Impact: Remote Code Execution
Fixes 12 vulnerabilities:
CVE-2016-7213, CVE-2016-7228, CVE-2016-7229, CVE-2016-7230, CVE-2016-7231, CVE-2016-7232, CVE-2016-7233, CVE-2016-7234, CVE-2016-7235, CVE-2016-7236, CVE-2016-7244, CVE-2016-7245
Restart Required: May Require Restart
18. MS16-134: Security Update for Common Log File System Driver (3193706)
Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerability could allow elevation of privilege
when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. In a local attack scenario, an attacker
could exploit these vulnerabilities by running a specially crafted application to take complete control over the affected system. An attacker
who successfully exploits this vulnerability could run processes in an elevated context.
Impact: Elevation of Privilege
Fixes 10 vulnerabilities:
CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, CVE-2016-7184
Restart Required: Requires Restart
19. MS16-136: Security Update for SQL Server (3199641)
Maximum Severity: Important
Affected Products: SQL Server
Description: This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow an
attacker to gain elevated privileges that could be used to view, change, or delete data; or create new accounts. The security update
addresses these most severe vulnerabilities by correcting how SQL Server handles pointer casting.
Impact: Elevation of Privilege
Fixes 6 vulnerabilities:
CVE-2016-7249, CVE-2016-7250, CVE-2016-7251, CVE-2016-7252, CVE-2016-7253, CVE-2016-7254
Restart Required: May Require Restart
20. MS16-137: Security Update for Windows Authentication Methods (3199173)
Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow
elevation of privilege. To exploit this vulnerability, the attacker would first need to authenticate to the target, domain-joined system using valid
user credentials. An attacker who successfully exploited this vulnerability could elevate their permissions from unprivileged user account to
administrator. The attacker could then install programs; view, change or delete data; or create new accounts. The attacker could
subsequently attempt to elevate by locally executing a specially crafted application designed to manipulate NTLM password change
requests.
Impact: Elevation of Privilege
Fixes 3 vulnerabilities:
CVE-2016-7220, CVE-2016-7237, CVE-2016-7238
Restart Required: Requires Restart
21. MS16-138: Security Update to Microsoft Virtual Hard Disk Driver (3199647)
Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves vulnerabilities in Microsoft Windows. The Windows Virtual Hard Disk Driver improperly
handles user access to certain files. An attacker could manipulate files in locations not intended to be available to the user by exploiting this
vulnerability.
Impact: Elevation of Privilege
Fixes 4 vulnerabilities:
CVE-2016-7223, CVE-2016-7224, CVE-2016-7225, CVE-2016-7226
Restart Required: Requires Restart
22. MS16-139: Security Update for Windows Kernel (3199720)
Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if
an attacker runs a specially crafted application to access sensitive information. A locally authenticated attacker could attempt to exploit this
vulnerability by running a specially crafted application. An attacker can gain access to information not intended to be available to the user by
using this method.
Impact: Elevation of Privilege
Fixes 1 vulnerability:
CVE-2016-7216
Restart Required: Requires Restart
23. MS16-140: Security Update for Boot Manager (3193479)
Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass
if a physically-present attacker installs an affected boot policy.
Impact: Security Feature Bypass
Fixes 1 vulnerability:
CVE-2016-7247
Restart Required: Requires Restart
24. Between Patch Tuesdays
New Product Support: Server 2016, .Net 4.6.2, Infopath for Office 365, RealVNC Connect 6
Security Updates: Chrome (3), Open Office (1), Microsoft (7), Opera (2), Skype (2), Foxit Reader (1), Java 8 (1), Firefox (1), GoToMeeting (2), Tomcat (1), VMware Tools (1), Flash Player (1), UltraVNC (1), iTunes (1), Filezilla, HP System Management Homepage (1), iTunes (1), Acrobat Reader (1)
Non-Security Updates: Google Earth (1), PDFCreator (1), Tomcat (2), Microsoft (46), Ccleaner (1), Google Drive (1), Notepad++ (1), Foxit Phantom (1), GoodSync (2), Java 8 (1), MozyHome (1), CDBurnerXP (1), Dropbox (1), Citrix Delivery Controller (1), Zimbra (1), SnagIt (1), Libre Office (2), Winzip (1), VMware Player (1), Filezilla (1), PeaZip (1)
Security Tools:
26. Resources and Webinars
Get Shavlik Content Updates
Get Social with Shavlik
Sign up for next month's Patch Tuesday Webinar
Watch previous webinars and download presentation.
NEARLY 50% OPEN E-MAILS AND CLICK ON PHISHING LINKS WITHIN THE FIRST HOUR.
Microsoft Announcement:
https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
User Targeted - Privilege Management Mitigates Impact
CVE-2016-7199 (Publicly Disclosed)
CVE-2016-7209 (Publicly Disclosed)
CVE-2016-7255 (Publicly Disclosed, Exploited)
CVE-2016-7256 (Exploited)
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
The Security Only Quality Update is marked as Patch Type Security. This bundle includes multiple updates in a single installable package. This update does not include the Non-Security Updates and is not cumulative.
User Targeted - Privilege Management Mitigates Impact
CVE-2016-7256 (Exploited)
CVE-2016-7255 (Publicly Disclosed, Exploited)
CVE-2016-7199 (Publicly Disclosed)
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release.
User Targeted - Privilege Management Mitigates Impact
CVE-2016-7199 (Publicly Disclosed)
CVE-2016-7209 (Publicly Disclosed)
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release.
User targeted vulnerabilities
To exploit this vulnerability, a locally authenticated attacker could run a specially crafted application.
To exploit the vulnerability, a locally authenticated attacker could use Windows Task Scheduler to schedule a new task with a malicious UNC path.
To exploit the vulnerability, an attacker would have to convince a user to load a malformed image file from either a webpage or an email message.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release.
User Targeted - Privilege Management Mitigates Impact
Microsoft Video Control Remote Code Execution Vulnerability – CVE-2016-7248
A remote code execution vulnerability exists when Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
To exploit the vulnerability, an attacker would have to convince a user to open either a specially crafted file or application from either a webpage or an email message. The update addresses the vulnerability by correcting how Microsoft Video Control handles objects in memory.
Note that where the severity is indicated as Critical in the Affected Software and Vulnerability Severity Ratings table, the Outlook Preview Pane is an attack vector for CVE-2016-7248.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release.
User targeted vulnerabilities – Privilege Management Mitigates Impact
CVE-2016-7256 (Exploited)
Open Type Font Remote Code Execution Vulnerability – CVE-2016-7256
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploits this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
There are multiple ways an attacker could exploit the vulnerability:
• In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email.
• In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit the vulnerability, and then convince users to open the document file.
The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release.
CVE-2016-7255 (Publicly Disclosed, Exploited)
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release.
User targeted vulnerabilities
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release.
User Targeted - Privilege Management Mitigates Impact
CVE-2016-7199 (Publicly Disclosed)
Multiple Microsoft Browser Memory Corruption Vulnerabilities
Multiple remote code execution vulnerabilities exist in the way that Microsoft browsers access objects in memory. The vulnerabilities could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
An attacker could host a specially crafted website that is designed to exploit the vulnerabilities through Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerabilities. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment.
The update addresses the vulnerabilities by modifying how Microsoft browsers handle objects in memory.
Microsoft Browser Information Disclosure Vulnerability – CVE-2016-7199 (Publicly Disclosed)
An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain browser window state from a different domain.
For an attack to be successful, an attacker must persuade a user to open a malicious website from a secure website. The update addresses the vulnerability by changing how Microsoft browsers handle objects in memory.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release.
User targeted vulnerabilities
Updating Flash Player requires updates for Flash Player, IE, Chrome, and Firefox
WARNING
This page and the download links will be decommissioned on Sep 29, 2016.
If you are downloading Adobe Flash Player for your personal use, please visit get.adobe.com/flashplayer.
Organizations that distribute Adobe Flash Player internally must have a valid license and AdobeID to download and distribute Flash Player binaries. Instructions and further details on obtaining a distribution license are available at the Adobe Flash Player Distribution Page.
Flash Player ESR is officially EOLed as of this last release.
Shavlik Priority:
Shavlik rates this bulletin as Important. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks.
User Targeted - Privilege Management Mitigates Impact
Shavlik Priority:
Shavlik rates this bulletin as Important. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks.
Sign up for Content Announcements:
Email http://www.shavlik.com/support/xmlsubscribe/
RSS http://protect7.shavlik.com/feed/
Twitter @ShavlikXML
Follow us on:
Shavlik on LinkedIn
Twitter @ShavlikProtect
Shavlik blog -> www.shavlik.com/blog
Chris Goettl on LinkedIn
Twitter @ChrisGoettl
Sign up for webinars or download presentations and watch playbacks:
http://www.shavlik.com/webinars/