Patch Tuesday Webinar
Wednesday, November 9th, 2016
Chris Goettl
• Product Manager, Shavlik
Dial In: 1-855-749-4750 (US)
Attendees: 927 934 532
Agenda
1. November 2016 Patch Tuesday Overview
2. Known Issues
3. Bulletins
4. Q & A
Best Practices
• Privilege Management mitigates impact of many exploits
• High Threat Level vulnerabilities warrant fast rollout. 2 weeks or less is ideal to reduce exposure.
• User Targeted – Whitelisting and Containerization mitigate
Industry News
CSWU-039: Cumulative update for Windows 10: November 9, 2016
• Maximum Severity: Critical
• Affected Products: Windows 10, Edge, Internet Explorer
• Description: This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are described in the following Microsoft security bulletins and advisory: MS16-129, MS16-130, MS16-131, MS16-132, MS16-134, MS16-135, MS16-137, MS16-138, MS16-140, MS16-141, MS16-142
• Impact: Remote Code Execution, Elevation of Privilege
• Fixes 73 vulnerabilities:
• CVE-2016-7195, CVE-2016-7196, CVE-2016-7198, CVE-2016-7199 (Publicly Disclosed), CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7204, CVE-2016-7208, CVE-2016-7209 (Publicly Disclosed), CVE-2016-7227, CVE-2016-7239, CVE-2016-7240, CVE-2016-7241, CVE-2016-7242, CVE-2016-7243, CVE-2016-7212, CVE-2016-7221, CVE-2016-7222, CVE-2016-7248, CVE-2016-7205, CVE-2016-7210, CVE-2016-7217, CVE-2016-7256 (Exploited), CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, CVE-2016-7184, CVE-2016-7214, CVE-2016-7215, CVE-2016-7218, CVE-2016-7246, CVE-2016-7255 (Publicly Disclosed, Exploited), CVE-2016-7220, CVE-2016-7237, CVE-2016-7238, CVE-2016-7223, CVE-2016-7224, CVE-2016-7225, CVE-2016-7226, CVE-2016-7247, CVE-2016-7239, CVE-2016-7227, CVE-2016-7198, CVE-2016-7199 (Publicly Disclosed), CVE-2016-7195, CVE-2016-7196, CVE-2016-7241, CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860, CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864, CVE-2016-7865
• Restart Required: Requires Restart
SB16-002, SB16-003, SB16-004: November, 2016 Security Only Update
• Maximum Severity: Critical
• Affected Products: Windows, Internet Explorer
• Description: This update is the Security Only Quality Update for Windows 7, 8.1, Server 2008 R2, 2012, and 2012 R2 systems: MS16-130, MS16-131, MS16-132, MS16-134, MS16-135, MS16-137, MS16-138, MS16-139, MS16-140, MS16-142
• Impact: Remote Code Execution, Elevation of Privilege
• Fixes 39 vulnerabilities:
• CVE-2016-7212, CVE-2016-7221, CVE-2016-7222, CVE-2016-7248, CVE-2016-7205, CVE-2016-7210, CVE-2016-7217, CVE-2016-7256 (Exploited), CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, CVE-2016-7184, CVE-2016-7214, CVE-2016-7215, CVE-2016-7218, CVE-2016-7246, CVE-2016-7255 (Publicly Disclosed, Exploited), CVE-2016-7220, CVE-2016-7237, CVE-2016-7238, CVE-2016-7223, CVE-2016-7224, CVE-2016-7225, CVE-2016-7226, CVE-2016-7247, CVE-2016-7216, CVE-2016-7239, CVE-2016-7227, CVE-2016-7198, CVE-2016-7199 (Publicly Disclosed), CVE-2016-7195, CVE-2016-7196, CVE-2016-7241
• Restart Required: Requires Restart
CR16-002: November, 2016 Security Monthly Quality Update
• Maximum Severity: Critical
• Affected Products: Windows, Internet Explorer
• Description: This update is the Security Monthly Quality Update for Windows 7, 8.1, Server 2008 R2, 2012, and 2012 R2 systems: MS16-130, MS16-131, MS16-132, MS16-134, MS16-135, MS16-137, MS16-138, MS16-139, MS16-140, MS16-142
• Impact: Remote Code Execution, Elevation of Privilege
• Fixes 39 vulnerabilities:
• CVE-2016-7212, CVE-2016-7221, CVE-2016-7222, CVE-2016-7248, CVE-2016-7205, CVE-2016-7210, CVE-2016-7217, CVE-2016-7256 (Exploited), CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, CVE-2016-7184, CVE-2016-7214, CVE-2016-7215, CVE-2016-7218, CVE-2016-7246, CVE-2016-7255 (Publicly Disclosed, Exploited), CVE-2016-7220, CVE-2016-7237, CVE-2016-7238, CVE-2016-7223, CVE-2016-7224, CVE-2016-7225, CVE-2016-7226, CVE-2016-7247, CVE-2016-7216, CVE-2016-7239, CVE-2016-7227, CVE-2016-7198, CVE-2016-7199 (Publicly Disclosed), CVE-2016-7195, CVE-2016-7196, CVE-2016-7241
• Restart Required: Requires Restart
MS16-129: Cumulative Security Update for Microsoft Edge (3199057)
• Maximum Severity: Critical
• Affected Products: Edge
• Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.
• Impact: Remote Code Execution
• Fixes 17 vulnerabilities:
• CVE-2016-7195, CVE-2016-7196, CVE-2016-7198, CVE-2016-7199 (Publicly Disclosed), CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7204, CVE-2016-7208, CVE-2016-7209 (Publicly Disclosed), CVE-2016-7227, CVE-2016-7239, CVE-2016-7240, CVE-2016-7241, CVE-2016-7242, CVE-2016-7243
• Restart Required: Requires Restart
MS16-130: Security Update for Microsoft Windows (3199172)
• Maximum Severity: Critical
• Affected Products: Windows
• Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a locally authenticated attacker runs a specially crafted application.
• Impact: Remote Code Execution
• Fixes 3 vulnerabilities:
• CVE-2016-7212, CVE-2016-7221, CVE-2016-7222
• Restart Required: Requires Restart
MS16-131: Security Update for Microsoft Video Control (3199151)
• Maximum Severity: Critical
• Affected Products: Windows
• Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution when Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message.
• Impact: Remote Code Execution
• Fixes 1 vulnerability:
• CVE-2016-7248
• Restart Required: Requires Restart
MS16-132: Security Update for Microsoft Graphics Component (3199120)
• Maximum Severity: Critical
• Affected Products: Windows
• Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution when the Windows Animation Manager improperly handles objects in memory if a user visits a malicious webpage. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
• Impact: Remote Code Execution
• Fixes 4 vulnerabilities:
• CVE-2016-7205, CVE-2016-7210, CVE-2016-7217, CVE-2016-7256 (Exploited)
• Restart Required: May Require Restart
MS16-135: Security Update for Windows Kernel-Mode Drivers (3199135)
• Maximum Severity: Important
• Affected Products: Windows
• Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message.
• Impact: Elevation of Privilege
• Fixes vulnerabilities:
• CVE-2016-7214, CVE-2016-7215, CVE-2016-7218, CVE-2016-7246, CVE-2016-7255 (Publicly Disclosed, Exploited)
• Restart Required: Requires Restart
MS16-141: Security Update for Adobe Flash Player (3202790)
• Maximum Severity: Critical
• Affected Products: Adobe Flash Player Plug-In for IE
• Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
• Impact: Remote Code Execution
• Fixes 9 vulnerabilities:
• CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860, CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864, CVE-2016-7865
• Restart Required: Requires Restart
MS16-142: Cumulative Security Update for Internet Explorer (3198467)
• Maximum Severity: Critical
• Affected Products: Internet Explorer
• Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
• Impact: Remote Code Execution
• Fixes 7 vulnerabilities:
• CVE-2016-7239, CVE-2016-7227, CVE-2016-7198, CVE-2016-7199 (Publicly Disclosed), CVE-2016-7195, CVE-2016-7196, CVE-2016-7241
• Restart Required: Requires Restart
APSB16-37: Security updates available for Adobe Flash Player
• Maximum Severity: Critical
• Affected Products: Adobe Flash Player
• Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
• Impact: Remote Code Execution
• Fixes 9 vulnerabilities:
• CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860, CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864, CVE-2016-7865
• Restart Required: Requires Restart
MS16-133: Security Update for Microsoft Office (3199168)
• Maximum Severity: Important
• Affected Products: Windows
• Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.
• Impact: Remote Code Execution
• Fixes 12 vulnerabilities:
• CVE-2016-7213, CVE-2016-7228, CVE-2016-7229, CVE-2016-7230, CVE-2016-7231, CVE-2016-7232, CVE-2016-7233, CVE-2016-7234, CVE-2016-7235, CVE-2016-7236, CVE-2016-7244, CVE-2016-7245
• Restart Required: May Require Restart
MS16-134: Security Update for Common Log File System Driver (3193706)
• Maximum Severity: Important
• Affected Products: Windows
• Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerability could allow elevation of privilege when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. In a local attack scenario, an attacker could exploit these vulnerabilities by running a specially crafted application to take complete control over the affected system. An attacker who successfully exploits this vulnerability could run processes in an elevated context.
• Impact: Elevation of Privilege
• Fixes 10 vulnerabilities:
• CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, CVE-2016-7184
• Restart Required: Requires Restart
MS16-136: Security Update for SQL Server (3199641)
• Maximum Severity: Important
• Affected Products: SQL Server
• Description: This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow an attacker to gain elevated privileges that could be used to view, change, or delete data; or create new accounts. The security update addresses these most severe vulnerabilities by correcting how SQL Server handles pointer casting.
• Impact: Elevation of Privilege
• Fixes 6 vulnerabilities:
• CVE-2016-7249, CVE-2016-7250, CVE-2016-7251, CVE-2016-7252, CVE-2016-7253, CVE-2016-7254
• Restart Required: May Require Restart
MS16-137: Security Update for Windows Authentication Methods (3199173)
• Maximum Severity: Important
• Affected Products: Windows
• Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege. To exploit this vulnerability, the attacker would first need to authenticate to the target, domain-joined system using valid user credentials. An attacker who successfully exploited this vulnerability could elevate their permissions from unprivileged user account to administrator. The attacker could then install programs; view, change or delete data; or create new accounts. The attacker could subsequently attempt to elevate by locally executing a specially crafted application designed to manipulate NTLM password change requests.
• Impact: Elevation of Privilege
• Fixes 3 vulnerabilities:
• CVE-2016-7220, CVE-2016-7237, CVE-2016-7238
• Restart Required: Requires Restart
MS16-138: Security Update to Microsoft Virtual Hard Disk Driver (3199647)
• Maximum Severity: Important
• Affected Products: Windows
• Description: This security update resolves vulnerabilities in Microsoft Windows. The Windows Virtual Hard Disk Driver improperly handles user access to certain files. An attacker could manipulate files in locations not intended to be available to the user by exploiting this vulnerability.
• Impact: Elevation of Privilege
• Fixes 4 vulnerabilities:
• CVE-2016-7223, CVE-2016-7224, CVE-2016-7225, CVE-2016-7226
• Restart Required: Requires Restart
MS16-139: Security Update for Windows Kernel (3199720)
• Maximum Severity: Important
• Affected Products: Windows
• Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application to access sensitive information. A locally authenticated attacker could attempt to exploit this vulnerability by running a specially crafted application. An attacker can gain access to information not intended to be available to the user by using this method.
• Impact: Elevation of Privilege
• Fixes 1 vulnerability:
• CVE-2016-7216
• Restart Required: Requires Restart
MS16-140: Security Update for Boot Manager (3193479)
• Maximum Severity: Important
• Affected Products: Windows
• Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if a physically present attacker installs an affected boot policy.
• Impact: Security Feature Bypass
• Fixes 1 vulnerability:
• CVE-2016-7247
• Restart Required: Requires Restart
Between Patch Tuesdays
New Product Support: Server 2016, .Net 4.6.2, Infopath for Office 365, RealVNC Connect 6
Security Updates: Chrome (3), Open Office (1), Microsoft (7), Opera (2), Skype (2), Foxit Reader (1), Java 8 (1), Firefox (1), GoToMeeting (2), Tomcat (1), VMware Tools (1), Flash Player (1), UltraVNC (1), iTunes (1), Filezilla, HP System Management Homepage (1), iTunes (1), Acrobat Reader (1)
Non-Security Updates: Google Earth (1), PDFCreator (1), Tomcat (2), Microsoft (46), Ccleaner (1), Google Drive (1), Notepad++ (1), Foxit Phantom (1), GoodSync (2), Java 8 (1), MozyHome (1), CDBurnerXP (1), Dropbox (1), Citrix Delivery Controller (1), Zimbra (1), SnagIt (1), Libre Office (2), Winzip (1), VMware Player (1), Filezilla (1), PeaZip (1)
Security Tools:
Resources and Webinars
Get Shavlik Content Updates
Get Social with Shavlik
Sign up for next month's Patch Tuesday Webinar
Watch previous webinars and download presentation.
Thank you

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 

Kürzlich hochgeladen (20)

Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 

Patch Tuesday Analysis - November 2016

  • 1. Patch Tuesday Webinar. Wednesday, November 9th, 2016. Chris Goettl, Product Manager, Shavlik. Dial In: 1-855-749-4750 (US). Attendees: 927 934 532
  • 2. Agenda: 1. November 2016 Patch Tuesday Overview; 2. Known Issues; 3. Bulletins; 4. Q & A
  • 3. Best Practices: Privilege Management mitigates impact of many exploits. High Threat Level vulnerabilities warrant fast rollout; 2 weeks or less is ideal to reduce exposure. User Targeted: Whitelisting and Containerization mitigate.
  • 4.
  • 6. CSWU-039: Cumulative update for Windows 10: November 9, 2016
      Maximum Severity: Critical
      Affected Products: Windows 10, Edge, Internet Explorer
      Description: This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are described in the following Microsoft security bulletins and advisory: MS16-129, MS16-130, MS16-131, MS16-132, MS16-134, MS16-135, MS16-137, MS16-138, MS16-140, MS16-141, MS16-142
      Impact: Remote Code Execution, Elevation of Privilege
      Fixes 73 vulnerabilities: CVE-2016-7195, CVE-2016-7196, CVE-2016-7198, CVE-2016-7199 (Publicly Disclosed), CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7204, CVE-2016-7208, CVE-2016-7209 (Publicly Disclosed), CVE-2016-7227, CVE-2016-7239, CVE-2016-7240, CVE-2016-7241, CVE-2016-7242, CVE-2016-7243, CVE-2016-7212, CVE-2016-7221, CVE-2016-7222, CVE-2016-7248, CVE-2016-7205, CVE-2016-7210, CVE-2016-7217, CVE-2016-7256 (Exploited), CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, CVE-2016-7184, CVE-2016-7214, CVE-2016-7215, CVE-2016-7218, CVE-2016-7246, CVE-2016-7255 (Publicly Disclosed, Exploited), CVE-2016-7220, CVE-2016-7237, CVE-2016-7238, CVE-2016-7223, CVE-2016-7224, CVE-2016-7225, CVE-2016-7226, CVE-2016-7247, CVE-2016-7239, CVE-2016-7227, CVE-2016-7198, CVE-2016-7199 (Publicly Disclosed), CVE-2016-7195, CVE-2016-7196, CVE-2016-7241, CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860, CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864, CVE-2016-7865
      Restart Required: Requires Restart
  • 7. SB16-002, SB16-003, SB16-004: November, 2016 Security Only Update
      Maximum Severity: Critical
      Affected Products: Windows, Internet Explorer
      Description: This update is the Security Only Quality Update for Windows 7, 8.1, Server 2008 R2, 2012, and 2012 R2 systems: MS16-130, MS16-131, MS16-132, MS16-134, MS16-135, MS16-137, MS16-138, MS16-139, MS16-140, MS16-142
      Impact: Remote Code Execution, Elevation of Privilege
      Fixes 39 vulnerabilities: CVE-2016-7212, CVE-2016-7221, CVE-2016-7222, CVE-2016-7248, CVE-2016-7205, CVE-2016-7210, CVE-2016-7217, CVE-2016-7256 (Exploited), CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, CVE-2016-7184, CVE-2016-7214, CVE-2016-7215, CVE-2016-7218, CVE-2016-7246, CVE-2016-7255 (Publicly Disclosed, Exploited), CVE-2016-7220, CVE-2016-7237, CVE-2016-7238, CVE-2016-7223, CVE-2016-7224, CVE-2016-7225, CVE-2016-7226, CVE-2016-7247, CVE-2016-7216, CVE-2016-7239, CVE-2016-7227, CVE-2016-7198, CVE-2016-7199 (Publicly Disclosed), CVE-2016-7195, CVE-2016-7196, CVE-2016-7241
      Restart Required: Requires Restart
  • 8. CR16-002: November, 2016 Security Monthly Quality Update
      Maximum Severity: Critical
      Affected Products: Windows, Internet Explorer
      Description: This update is the Security Monthly Quality Update for Windows 7, 8.1, Server 2008 R2, 2012, and 2012 R2 systems: MS16-130, MS16-131, MS16-132, MS16-134, MS16-135, MS16-137, MS16-138, MS16-139, MS16-140, MS16-142
      Impact: Remote Code Execution, Elevation of Privilege
      Fixes 39 vulnerabilities: CVE-2016-7212, CVE-2016-7221, CVE-2016-7222, CVE-2016-7248, CVE-2016-7205, CVE-2016-7210, CVE-2016-7217, CVE-2016-7256 (Exploited), CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, CVE-2016-7184, CVE-2016-7214, CVE-2016-7215, CVE-2016-7218, CVE-2016-7246, CVE-2016-7255 (Publicly Disclosed, Exploited), CVE-2016-7220, CVE-2016-7237, CVE-2016-7238, CVE-2016-7223, CVE-2016-7224, CVE-2016-7225, CVE-2016-7226, CVE-2016-7247, CVE-2016-7216, CVE-2016-7239, CVE-2016-7227, CVE-2016-7198, CVE-2016-7199 (Publicly Disclosed), CVE-2016-7195, CVE-2016-7196, CVE-2016-7241
      Restart Required: Requires Restart
  • 9. MS16-129: Cumulative Security Update for Microsoft Edge (3199057)
      Maximum Severity: Critical
      Affected Products: Edge
      Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.
      Impact: Remote Code Execution
      Fixes 17 vulnerabilities: CVE-2016-7195, CVE-2016-7196, CVE-2016-7198, CVE-2016-7199 (Publicly Disclosed), CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7204, CVE-2016-7208, CVE-2016-7209 (Publicly Disclosed), CVE-2016-7227, CVE-2016-7239, CVE-2016-7240, CVE-2016-7241, CVE-2016-7242, CVE-2016-7243
      Restart Required: Requires Restart
  • 10. MS16-130: Security Update for Microsoft Windows (3199172)
      Maximum Severity: Critical
      Affected Products: Windows
      Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a locally authenticated attacker runs a specially crafted application.
      Impact: Remote Code Execution
      Fixes 3 vulnerabilities: CVE-2016-7212, CVE-2016-7221, CVE-2016-7222
      Restart Required: Requires Restart
  • 11. MS16-131: Security Update for Microsoft Video Control (3199151)
      Maximum Severity: Critical
      Affected Products: Windows
      Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution when Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message.
      Impact: Remote Code Execution
      Fixes 1 vulnerability: CVE-2016-7248
      Restart Required: Requires Restart
  • 12. MS16-132: Security Update for Microsoft Graphics Component (3199120)
      Maximum Severity: Critical
      Affected Products: Windows
      Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution when the Windows Animation Manager improperly handles objects in memory if a user visits a malicious webpage. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
      Impact: Remote Code Execution
      Fixes 4 vulnerabilities: CVE-2016-7205, CVE-2016-7210, CVE-2016-7217, CVE-2016-7256 (Exploited)
      Restart Required: May Require Restart
  • 13. MS16-135: Security Update for Windows Kernel-Mode Drivers (3199135)
      Maximum Severity: Important
      Affected Products: Windows
      Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message.
      Impact: Elevation of Privilege
      Fixes vulnerabilities: CVE-2016-7214, CVE-2016-7215, CVE-2016-7218, CVE-2016-7246, CVE-2016-7255 (Publicly Disclosed, Exploited)
      Restart Required: Requires Restart
  • 14. MS16-141: Security Update for Adobe Flash Player (3202790)
      Maximum Severity: Critical
      Affected Products: Adobe Flash Player Plug-In for IE
      Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
      Impact: Remote Code Execution
      Fixes 9 vulnerabilities: CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860, CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864, CVE-2016-7865
      Restart Required: Requires Restart
  • 15. MS16-142: Cumulative Security Update for Internet Explorer (3198467)
      Maximum Severity: Critical
      Affected Products: Internet Explorer
      Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
      Impact: Remote Code Execution
      Fixes 7 vulnerabilities: CVE-2016-7239, CVE-2016-7227, CVE-2016-7198, CVE-2016-7199 (Publicly Disclosed), CVE-2016-7195, CVE-2016-7196, CVE-2016-7241
      Restart Required: Requires Restart
  • 16. APSB16-37: Security updates available for Adobe Flash Player
      Maximum Severity: Critical
      Affected Products: Adobe Flash Player
      Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
      Impact: Remote Code Execution
      Fixes 9 vulnerabilities: CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860, CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864, CVE-2016-7865
      Restart Required: Requires Restart
  • 17. MS16-133: Security Update for Microsoft Office (3199168)
      Maximum Severity: Important
      Affected Products: Windows
      Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.
      Impact: Remote Code Execution
      Fixes 12 vulnerabilities: CVE-2016-7213, CVE-2016-7228, CVE-2016-7229, CVE-2016-7230, CVE-2016-7231, CVE-2016-7232, CVE-2016-7233, CVE-2016-7234, CVE-2016-7235, CVE-2016-7236, CVE-2016-7244, CVE-2016-7245
      Restart Required: May Require Restart
  • 18. MS16-134: Security Update for Common Log File System Driver (3193706)
      Maximum Severity: Important
      Affected Products: Windows
      Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerability could allow elevation of privilege when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. In a local attack scenario, an attacker could exploit these vulnerabilities by running a specially crafted application to take complete control over the affected system. An attacker who successfully exploits this vulnerability could run processes in an elevated context.
      Impact: Elevation of Privilege
      Fixes 10 vulnerabilities: CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, CVE-2016-7184
      Restart Required: Requires Restart
  • 19. MS16-136: Security Update for SQL Server (3199641)
      Maximum Severity: Important
      Affected Products: SQL Server
      Description: This security update resolves vulnerabilities in Microsoft SQL Server. The most severe vulnerabilities could allow an attacker to gain elevated privileges that could be used to view, change, or delete data; or create new accounts. The security update addresses these most severe vulnerabilities by correcting how SQL Server handles pointer casting.
      Impact: Elevation of Privilege
      Fixes 6 vulnerabilities: CVE-2016-7249, CVE-2016-7250, CVE-2016-7251, CVE-2016-7252, CVE-2016-7253, CVE-2016-7254
      Restart Required: May Require Restart
  • 20. MS16-137: Security Update for Windows Authentication Methods (3199173)
      Maximum Severity: Important
      Affected Products: Windows
      Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege. To exploit this vulnerability, the attacker would first need to authenticate to the target, domain-joined system using valid user credentials. An attacker who successfully exploited this vulnerability could elevate their permissions from unprivileged user account to administrator. The attacker could then install programs; view, change or delete data; or create new accounts. The attacker could subsequently attempt to elevate by locally executing a specially crafted application designed to manipulate NTLM password change requests.
      Impact: Elevation of Privilege
      Fixes 3 vulnerabilities: CVE-2016-7220, CVE-2016-7237, CVE-2016-7238
      Restart Required: Requires Restart
  • 21. MS16-138: Security Update to Microsoft Virtual Hard Disk Driver (3199647)
      Maximum Severity: Important
      Affected Products: Windows
      Description: This security update resolves vulnerabilities in Microsoft Windows. The Windows Virtual Hard Disk Driver improperly handles user access to certain files. An attacker could manipulate files in locations not intended to be available to the user by exploiting this vulnerability.
      Impact: Elevation of Privilege
      Fixes 4 vulnerabilities: CVE-2016-7223, CVE-2016-7224, CVE-2016-7225, CVE-2016-7226
      Restart Required: Requires Restart
  • 22. MS16-139: Security Update for Windows Kernel (3199720)
      Maximum Severity: Important
      Affected Products: Windows
      Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application to access sensitive information. A locally authenticated attacker could attempt to exploit this vulnerability by running a specially crafted application. An attacker can gain access to information not intended to be available to the user by using this method.
      Impact: Elevation of Privilege
      Fixes 1 vulnerability: CVE-2016-7216
      Restart Required: Requires Restart
  • 23. MS16-140: Security Update for Boot Manager (3193479)
      Maximum Severity: Important
      Affected Products: Windows
      Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if a physically-present attacker installs an affected boot policy.
      Impact: Security Feature Bypass
      Fixes 1 vulnerability: CVE-2016-7247
      Restart Required: Requires Restart
  • 24. Between Patch Tuesdays
      New Product Support: Server 2016, .Net 4.6.2, Infopath for Office 365, RealVNC Connect 6
      Security Updates: Chrome (3), Open Office (1), Microsoft (7), Opera (2), Skype (2), Foxit Reader (1), Java 8 (1), Firefox (1), GoToMeeting (2), Tomcat (1), VMware Tools (1), Flash Player (1), UltraVNC (1), iTunes (1), Filezilla, HP System Management Homepage (1), iTunes (1), Acrobat Reader (1)
      Non-Security Updates: Google Earth (1), PDFCreator (1), Tomcat (2), Microsoft (46), Ccleaner (1), Google Drive (1), Notepad++ (1), Foxit Phantom (1), GoodSync (2), Java 8 (1), MozyHome (1), CDBurnerXP (1), Dropbox (1), Citrix Delivery Controller (1), Zimbra (1), SnagIt (1), Libre Office (2), Winzip (1), VMware Player (1), Filezilla (1), PeaZip (1)
      Security Tools:
  • 25.
  • 26. Resources and Webinars: Get Shavlik Content Updates; Get Social with Shavlik; Sign up for next month's Patch Tuesday Webinar; Watch previous webinars and download presentation.

Editor's Notes

  1. NEARLY 50% OPEN E-MAILS AND CLICK ON PHISHING LINKS WITHIN THE FIRST HOUR.
  2. Microsoft Announcement: https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/
  3. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. User Targeted - Privilege Management Mitigates Impact. CVE-2016-7199 (Publicly Disclosed), CVE-2016-7209 (Publicly Disclosed), CVE-2016-7255 (Publicly Disclosed, Exploited), CVE-2016-7256 (Exploited)
  4. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. The Security Only Quality Update is marked as Patch Type Security. This bundle includes multiple updates in a single installable package. This update does not include the Non-Security Updates and is not cumulative. User Targeted - Privilege Management Mitigates Impact. CVE-2016-7256 (Exploited), CVE-2016-7255 (Publicly Disclosed, Exploited), CVE-2016-7199 (Publicly Disclosed)
  5. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. The Security Only Quality Update is marked as Patch Type Security. This bundle includes multiple updates in a single installable package. This update does not include the Non-Security Updates and is not cumulative. User Targeted - Privilege Management Mitigates Impact. CVE-2016-7256 (Exploited), CVE-2016-7255 (Publicly Disclosed, Exploited), CVE-2016-7199 (Publicly Disclosed)
  6. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. User Targeted - Privilege Management Mitigates Impact. CVE-2016-7199 (Publicly Disclosed), CVE-2016-7209 (Publicly Disclosed)
  7. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. User targeted vulnerabilities. To exploit this vulnerability, a locally authenticated attacker could run a specially crafted application. To exploit the vulnerability, a locally authenticated attacker could use Windows Task Scheduler to schedule a new task with a malicious UNC path. To exploit the vulnerability, an attacker would have to convince a user to load a malformed image file from either a webpage or an email message.
  8. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. User Targeted - Privilege Management Mitigates Impact. Microsoft Video Control Remote Code Execution Vulnerability – CVE-2016-7248: A remote code execution vulnerability exists when Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability, an attacker would have to convince a user to open either a specially crafted file or application from either a webpage or an email message. The update addresses the vulnerability by correcting how Microsoft Video Control handles objects in memory. Note that where the severity is indicated as Critical in the Affected Software and Vulnerability Severity Ratings table, the Outlook Preview Pane is an attack vector for CVE-2016-7248.
  9. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. User targeted vulnerabilities – Privilege Management Mitigates Impact. CVE-2016-7256 (Exploited). Open Type Font Remote Code Execution Vulnerability – CVE-2016-7256: A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploits this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability:
      • In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email.
      • In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit the vulnerability, and then convince users to open the document file.
      The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts.
  10. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. CVE-2016-7255 (Publicly Disclosed, Exploited)
  11. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. User targeted vulnerabilities.
  12. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. User Targeted - Privilege Management Mitigates Impact. CVE-2016-7199 (Publicly Disclosed). Multiple Microsoft Browser Memory Corruption Vulnerabilities: Multiple remote code execution vulnerabilities exist in the way that Microsoft browsers access objects in memory. The vulnerabilities could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit the vulnerabilities through Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerabilities. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment. The update addresses the vulnerabilities by modifying how Microsoft browsers handle objects in memory. Microsoft Browser Information Disclosure Vulnerability, CVE-2016-7199 (Publicly Disclosed): An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain browser window state from a different domain. For an attack to be successful, an attacker must persuade a user to open a malicious website from a secure website. The update addresses the vulnerability by changing how Microsoft browsers handle objects in memory.
  13. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. User targeted vulnerabilities. Updating Flash Player requires updates for Flash Player, IE, Chrome, and Firefox.
      WARNING: This page and the download links will be decommissioned on Sep 29, 2016. If you are downloading Adobe Flash Player for your personal use, please visit get.adobe.com/flashplayer. Organizations that distribute Adobe Flash Player internally must have a valid license and AdobeID to download and distribute Flash Player binaries. Instructions and further details on obtaining a distribution license are available at the Adobe Flash Player Distribution Page.
      Flash Player ESR is officially EOLed as of this last release.
  14. Shavlik Priority: Shavlik rates this bulletin as Important. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks. User Targeted - Privilege Management Mitigates Impact.
  15. Shavlik Priority: Shavlik rates this bulletin as Important. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks.
  16. Shavlik Priority: Shavlik rates this bulletin as Important. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks.
  17. Shavlik Priority: Shavlik rates this bulletin as Important. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks.
  18. Shavlik Priority: Shavlik rates this bulletin as Important. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks.
  19. Shavlik Priority: Shavlik rates this bulletin as Important. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks.
  20. Shavlik Priority: Shavlik rates this bulletin as Important. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks.
  21. Sign up for Content Announcements: Email: http://www.shavlik.com/support/xmlsubscribe/; RSS: http://protect7.shavlik.com/feed/; Twitter: @ShavlikXML. Follow us on: Shavlik on LinkedIn; Twitter @ShavlikProtect; Shavlik blog: www.shavlik.com/blog; Chris Goettl on LinkedIn; Twitter @ChrisGoettl. Sign up for webinars or download presentations and watch playbacks: http://www.shavlik.com/webinars/