3. Best Practices
Privilege Management
Mitigates Impact of
many exploits
High Threat Level vulnerabilities
warrant fast rollout. 2 weeks or
less is ideal to reduce exposure.
User Targeted – Whitelisting
and Containerization
mitigate
4.
5. Industry News
Microsoft implements servicing change for Windows 7, 8.1, and
Server 2008 R2, 2012, 2012 R2
• Internet Explorer and OS updates in one of two options:
• Security Bundle – Monthly bundle of Security only updates
• Cumulative Rollup – Similar to Windows 10 cumulative bundle
of Security and Non-Security updates in one package
• .Net Rollup – Cumulative Bundle each month that applies. Will
update only versions detected, not install new versions.
• Flash Player for IE and OS
• Office, SharePoint, SQL, Exchange, etc are not affected by the
change set for October
Adobe updated Flash Player distribution announcement. Sept 29th If
you have not already done so, get an Adobe ID and sign up for the
distribution agreement. ESR has also EOLed.
6. CSWU-036: Cumulative update for Windows 10: October 11, 2016
Maximum Severity: Critical
Affected Products: Windows 10, Edge, Internet Explorer
Description: This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are
described in the following Microsoft security bulletins and advisory: MS16-118, MS16-119, MS16-120, MS16-122, MS16-123, MS16-124,
MS16-125
Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure
Fixes 42 vulnerabilities:
CVE-2016-3267, CVE-2016-3298 (Exploited), CVE-2016-3331, CVE-2016-3382, CVE-2016-3383, CVE-2016-3384, CVE-2016-
3385, CVE-2016-3387, CVE-2016-3388, CVE-2016-3390, CVE-2016-3391, CVE-2016-3267, CVE-2016-3331, CVE-2016-3382,
CVE-2016-3386, CVE-2016-3387, CVE-2016-3388, CVE-2016-3389, CVE-2016-3390, CVE-2016-3391, CVE-2016-3392, CVE-2016-
7189 (Exploited), CVE-2016-7190, CVE-2016-7194, CVE-2016-3209, CVE-2016-3262, CVE-2016-3263, CVE-2016-3270, CVE-
2016-3393 (Exploited), CVE-2016-3396, CVE-2016-7182, CVE-2016-0142, CVE-2016-3266, CVE-2016-3341, CVE-2016-3376,
CVE-2016-7185, CVE-2016-7191, CVE-2016-0070, CVE-2016-0073, CVE-2016-0075, CVE-2016-0079, CVE-2016-7188, APSB16-
32
Restart Required: Requires Restart
7. SB16-001: October, 2016 Security Only Quality Update
Maximum Severity: Critical
Affected Products: Windows, Internet Explorer
Description: This update is the Security Only Quality Update for Windows 7, 8.1, Server 2008 R2, 2012, and 2012 R2 systems:
MS16-118, MS16-120, MS16-122, MS16-123, MS16-124, MS16-126
Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure
Fixes 29 vulnerabilities:
CVE-2016-3267, CVE-2016-3298 (Exploited), CVE-2016-3331, CVE-2016-3382, CVE-2016-3383, CVE-2016-3384, CVE-2016-
3385, CVE-2016-3387, CVE-2016-3388, CVE-2016-3390, CVE-2016-3391, CVE-2016-3209, CVE-2016-3262, CVE-2016-3263,
CVE-2016-3270, CVE-2016-3393 (Exploited), CVE-2016-3396, CVE-2016-7182, CVE-2016-0142, CVE-2016-3266, CVE-2016-
3341, CVE-2016-3376, CVE-2016-7185, CVE-2016-7191, CVE-2016-0070, CVE-2016-0073, CVE-2016-0075, CVE-2016-0079,
CVE-2016-3298 (Exploited)
Restart Required: Requires Restart
8. CR16-001: October, 2016 Security Monthly Quality Update
Maximum Severity: Critical
Affected Products: Windows, Internet Explorer
Description: This update is the Security Monthly Quality Update for Windows 7, 8.1, Server 2008 R2, 2012, and 2012 R2 systems:
MS16-118, MS16-120, MS16-122, MS16-123, MS16-124, MS16-126
Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure
Fixes 29 vulnerabilities:
CVE-2016-3267, CVE-2016-3298 (Exploited), CVE-2016-3331, CVE-2016-3382, CVE-2016-3383, CVE-2016-3384, CVE-2016-
3385, CVE-2016-3387, CVE-2016-3388, CVE-2016-3390, CVE-2016-3391, CVE-2016-3209, CVE-2016-3262, CVE-2016-3263,
CVE-2016-3270, CVE-2016-3393 (Exploited), CVE-2016-3396, CVE-2016-7182, CVE-2016-0142, CVE-2016-3266, CVE-2016-
3341, CVE-2016-3376, CVE-2016-7185, CVE-2016-7191, CVE-2016-0070, CVE-2016-0073, CVE-2016-0075, CVE-2016-0079,
CVE-2016-3298 (Exploited)
Restart Required: Requires Restart
9. MS16-118: Cumulative Security Update for Internet Explorer (3192887)
Maximum Severity: Critical
Affected Products: Internet Explorer
Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow
remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the
vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker
could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with
full user rights.
Impact: Remote Code Execution
Fixes 12 vulnerabilities:
CVE-2016-3267, CVE-2016-3298 (Exploited), CVE-2016-3331, CVE-2016-3382, CVE-2016-3383, CVE-2016-3384, CVE-2016-
3385, CVE-2016-3387, CVE-2016-3388, CVE-2016-3390, CVE-2016-3391
Restart Required: Requires Restart
10. MS16-119: Cumulative Security Update for Microsoft Edge (3192890)
Maximum Severity: Critical
Affected Products: Edge
Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote
code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities
could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system
could be less impacted than users with administrative user rights.
Impact: Remote Code Execution
Fixes 13 vulnerabilities:
CVE-2016-3267, CVE-2016-3331, CVE-2016-3382, CVE-2016-3386, CVE-2016-3387, CVE-2016-3388, CVE-2016-3389, CVE-2016-
3390, CVE-2016-3391, CVE-2016-3392, CVE-2016-7189 (Exploited), CVE-2016-7190, CVE-2016-7194
Restart Required: Requires Restart
11. MS16-120: Security Update for Microsoft Graphics Component (3192884)
Maximum Severity: Critical
Affected Products: Windows, .Net, Office, Skype, Lync, Silverlight
Description: This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype
for Business, Silverlight, and Microsoft Lync. The most serious of these vulnerabilities could allow remote code execution if a user either
visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on
the system could be less impacted than users who operate with administrative user rights.
Impact: Remote Code Execution
Fixes 7 vulnerabilities:
CVE-2016-3209, CVE-2016-3262, CVE-2016-3263, CVE-2016-3270, CVE-2016-3393 (Exploited), CVE-2016-3396, CVE-2016-
7182,
Restart Required: Requires Restart
12. MS16-121: Security Update for Microsoft Office (3194063)
Maximum Severity: Important
Affected Products: Office, SharePoint
Description: This security update resolves a vulnerability in Microsoft Office. An Office RTF remote code execution vulnerability
exists in Microsoft Office software when the Office software fails to properly handle RTF files. An attacker who successfully exploited the
vulnerability could run arbitrary code in the context of the current user.
Impact: Remote Code Execution
Fixes vulnerabilities:
CVE-2016-7193 (Exploited)
Restart Required: May Require Restart
13. MS16-122: Security Update for Microsoft Video Control (3195360)
Maximum Severity: Critical
Affected Products: Windows
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution
if Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run
arbitrary code in the context of the current user. However, an attacker must first convince a user to open either a specially crafted file or a
program from either a webpage or an email message.
Impact: Remote Code Execution
Fixes vulnerabilities:
CVE-2016-0142
Restart Required: Requires Restart
14. MS16-127: Security Update for Adobe Flash Player (3194343)
Maximum Severity: Critical
Affected Products: Adobe Flash Player Plug-In for IE
Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows
8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10..
Impact: Remote Code Execution
Fixes 12 vulnerabilities:
CVE-2016-4273, CVE-2016-4286, CVE-2016-6981, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-
6986, CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992
Restart Required: Requires Restart
15. APSB16-32: Security updates available for Adobe Flash Player
Maximum Severity: Critical
Affected Products: Adobe Flash Player
Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These
updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. .
Impact: Remote Code Execution
Fixes 12 vulnerabilities:
CVE-2016-4273, CVE-2016-4286, CVE-2016-6981, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-
6986, CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992
Restart Required: Requires Restart
16. MS16-123: Security Update for Windows Kernel-Mode Drivers (3192892)
Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow
elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities
and take control of an affected system.
Impact: Elevation of Privilege
Fixes 5 vulnerabilities:
CVE-2016-3266, CVE-2016-3341, CVE-2016-3376, CVE-2016-7185, CVE-2016-7191
Restart Required: Requires Restart
17. MS16-124: Security Update for Windows Registry (3193227)
Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if
an attacker can access sensitive registry information.
Impact: Elevation of Privilege
Fixes 4 vulnerabilities:
CVE-2016-0070, CVE-2016-0073, CVE-2016-0075, CVE-2016-0079
Restart Required: Requires Restart
18. MS16-125: Security Update for Diagnostics Hub (3193229)
Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if
an attacker logs on to an affected system and runs a specially crafted application.
Impact: Elevation of Privilege
Fixes 1 vulnerabilities:
CVE-2016-7188
Restart Required: Requires Restart
19. MS16-126: Security Update for Microsoft Internet Messaging API
(3196067)
Maximum Severity: Moderate
Affected Products: Windows
Description: This security update resolves a vulnerability in Microsoft Windows. An information disclosure vulnerability exists when
the Microsoft Internet Messaging API improperly handles objects in memory. An attacker who successfully exploited this vulnerability could
test for the presence of files on disk.
Impact: Information Disclosure
Fixes 1 vulnerabilities:
CVE-2016-3298 (Exploited)
Restart Required: Requires Restart
20. APSB16-33: Security Updates Available for Adobe Acrobat and Reader
Maximum Severity: Important
Affected Products: Adobe Acrobat and Reader
Description: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates
address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
Impact: Remote Code Execution
Fixes 77 vulnerabilities:
CVE-2016-1089, CVE-2016-1091, CVE-2016-6939, CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-
6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6947, CVE-2016-6948, CVE-2016-6949, CVE-2016-6950, CVE-2016-6951,
CVE-2016-6952, CVE-2016-6953, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6957, CVE-2016-6958, CVE-2016-
6959, CVE-2016-6960, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6966,
CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6970, CVE-2016-6971, CVE-2016-6972, CVE-2016-6973, CVE-2016-
6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6979, CVE-2016-6988, CVE-2016-6993,
CVE-2016-6994, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-6999, CVE-2016-7000, CVE-2016-
7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008,
CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-
7016, CVE-2016-7017, CVE-2016-7018, CVE-2016-7019
Restart Required: May Require Restart
21. Between Patch Tuesdays
New Product Support: Notepad++ x64, Windows 10 LTSB 2016 x86x64
Security Updates: Microsoft (5), Google Chrome (2), FireFoxESR (3), Tomcat
(1), Opera (3), Notepad++ (1), 7Zip (2), Shockwave (1), Filezilla (2), Thunderbird
(1), Wireshark (1),
Non-Security Updates: Microsoft (33), Citrix Receiver (1), VMware Player (1),
WinSCP (1), Dropbox (3), PDF-Xchange Pro (1), Slack (1), TeamViewer (2),
CoreFTP (1), GoodSync (5), Libre Office (1), Splunk Universal Forwarder (1),
TightVNC (1), Google Drive (1), HipChat (1),
Security Tools:
22.
23. Resources and Webinars
Get Shavlik Content Updates
Get Social with Shavlik
Sign up for next months
Patch Tuesday Webinar
Watch previous webinars
and download presentation.
NEARLY 50% OPEN E-MAILS AND CLICK ON PHISHING LINKS WITHIN THE FIRST HOUR.
Microsoft Announcement:
https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
Exploited in Wild CVE-2016-3298
Exploited in Wild CVE-2016-7189
Exploited in Wild CVE-2016-3393
User Targeted - Privilege Management Mitigates Impact
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
The Security Only Quality Update is marked as Patch Type Security. This bundle includes multiple updates in a single installable package. This update does not include the Non-Security Updates and is not cumulative.
Exploited in Wild CVE-2016-3298
Exploited in Wild CVE-2016-3393
User Targeted - Privilege Management Mitigates Impact
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
The Security Monthly Quality Update is marked as Patch Type Non-Security. This bundle includes multiple updates in a single installable package. This update also includes the Non-Security Updates and is cumulative.
Exploited in Wild CVE-2016-3298
Exploited in Wild CVE-2016-3393
User Targeted - Privilege Management Mitigates Impact
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release.
Ensure that your Internet Explorer version is at the latest for the OS you are installed on. Microsoft is only updating the latest version for each supported OS since January 2016. For details please see: https://support.microsoft.com/en-us/lifecycle#gp/Microsoft-Internet-Explorer
Exploited in Wild CVE-2016-3298
User Targeted - Privilege Management Mitigates Impact
Internet Explorer Information Disclosure Vulnerability CVE-2016-3298
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk. For an attack to be successful an attacker must persuade a user to open a malicious website.
The update addresses the vulnerability by changing the way Internet Explorer handles objects in memory.
In addition to installing this update are there any further steps I need to carry out to be protected from any of the vulnerabilities discussed in this bulletin? Yes. For Vista and Windows Server 2008 operating systems installing the 3191492 cumulative update by itself does not fully protect against CVE-2016-3298 — you must also install security update 3193515 in MS16-126 to be fully protected from the vulnerability.
Does this update contain any additional security-related changes to functionality? Yes. In addition to the changes that are listed for the vulnerabilities described in this bulletin, this update includes defense-in-depth updates to help improve security-related features.
I am running Internet Explorer on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2. Does this mitigate these vulnerabilities? Yes. By default, Internet Explorer on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode that is known as Enhanced Security Configuration. Enhanced Security Configuration is a group of preconfigured settings in Internet Explorer that can reduce the likelihood of a user or administrator downloading and running specially crafted web content on a server. This is a mitigating factor for websites that you have not added to the Internet Explorer Trusted sites zone.
Can EMET help mitigate attacks that attempt to exploit these vulnerabilities? Yes. The Enhanced Mitigation Experience Toolkit (EMET) enables users to manage security mitigation technologies that help make it more difficult for attackers to exploit memory corruption vulnerabilities in a given piece of software. EMET can help mitigate attacks that attempt to exploit these vulnerabilities in Internet Explorer on systems where EMET is installed and configured to work with Internet Explorer.
For more information about EMET, see the Enhanced Mitigation Experience Toolkit.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release.
User targeted vulnerabilities – Privilege Management Mitigates Impact
Exploited in Wild CVE-2016-7189
Scripting Engine Remote Code Execution Vulnerability CVE-2016-7189
A remote code execution vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.
To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action. For example, an attacker could trick users into clicking a link that takes them to the attacker's site.
The update addresses the vulnerability by correcting how the affected components handle objects in memory.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release.
Exploited in the Wild CVE-2016-3393
Windows Graphics Component RCE Vulnerability – CVE-2016-3393
A remote code execution vulnerability exists due to the way the Windows GDI component handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
There are multiple ways an attacker could exploit this vulnerability:
In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email.
In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file.
The security update addresses the vulnerability by correcting how the Windows GDI handles objects in the memory.
There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Affected Software table for the software? Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.
Do I need to install these security updates in a particular sequence? No. Multiple updates for a given system can be applied in any sequence.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release.
User targeted vulnerabilities – Privilege Management Mitigates Impact
Exploited in Wild CVE-2016-7193
Microsoft Office Memory Corruption Vulnerability
An Office RTF remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle RTF files. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerabilities. An attacker would have no way to force users to visit the website.
Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince them to open the specially crafted file.
The update addresses the vulnerability by changing the way Microsoft Office software handles RTF content.
Microsoft received information about this vulnerability through coordinated vulnerability disclosure. Microsoft is aware of limited attacks that use this vulnerability in conjunction with other vulnerabilities to gain code execution.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release.
User targeted vulnerabilities – Privilege Management Mitigates Impact
Microsoft Video Control Remote Code Execution Vulnerability – CVE-2016-0142
A remote code execution vulnerability exists when Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
To exploit the vulnerability, an attacker would have to convince a user to open either a specially crafted file or application from either a webpage or an email message. The update addresses the vulnerability by correcting how Microsoft Video Control handles objects in memory.
Note that where the severity is indicated as Critical in the Affected Software and Vulnerability Severity Ratings table, the Preview Pane is an attack vector for CVE-2016-0142.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release.
User targeted vulnerabilities
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release.
User targeted vulnerabilities
Updating Flash Player requires updates for Flash Player, IE, Chrome, and Firefox
WARNING
This page and the download links will be decommissioned on Sep 29, 2016.
If you are downloading Adobe Flash Player for your personal use, please visit get.adobe.com/flashplayer.
Organizations that distribute Adobe Flash Player internally must have a valid license and AdobeID to download and distribute Flash Player binaries. Instructions and further details on obtaining a distribution license are available at the Adobe Flash Player Distribution Page.
Flash Player ESR is officially EOLed as of this last release.
Shavlik Priority:
Shavlik rates this bulletin as a Important. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks.
Multiple Win32k Elevation of Privilege Vulnerabilities
Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit these vulnerabilities, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerabilities and take control of an affected system. The update addresses these vulnerabilities by correcting how the Windows kernel-mode driver handles objects in memory.
Shavlik Priority:
Shavlik rates this bulletin as a Important. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks.
Multiple Windows Kernel Local Elevation of Privilege Vulnerabilities
Multiple elevation of privilege vulnerabilities exist in Microsoft Windows when a Windows kernel API improperly allows a user to access sensitive registry information. To exploit the vulnerabilities, a locally authenticated attacker would need to run a specially crafted application.
An attacker who uses this method could then gain access to information not intended to be available to the user. The security update addresses the vulnerabilities by correcting how the kernel API restricts access to this information.
Shavlik Priority:
Shavlik rates this bulletin as a Important. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks.
Windows Diagnostics Hub Elevation of Privilege– CVE-2016-7188
An elevation of privilege vulnerability exists in the Windows Diagnostics Hub Standard Collector Service when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input that could lead to unsecure library loading behavior.
To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The update addresses the vulnerability by correcting an input sanitization error to preclude unintended elevation of privilege
Shavlik Priority:
Shavlik rates this bulletin as a Important. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks.
Exploited in Wild CVE-2016-3298
In addition to installing this update are there any further steps I need to carry out to be protected from any of the vulnerabilities discussed in this bulletin? Yes. For Vista and Windows Server 2008 operating systems installing the 3191492 cumulative update by itself does not fully protect against CVE-2016-3298 — you must also install security update 3193515 in MS16-126 to be fully protected from the vulnerability.
Internet Explorer Information Disclosure Vulnerability – CVE-2016-3298
An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory. An attacker who successfully exploited this vulnerability could allow the attacker to test for the presence of files on disk.
For an attack to be successful an attacker must persuade a user to open a malicious website. The update addresses the vulnerability by changing the way the Microsoft Internet Messaging API handles objects in memory.
Shavlik Priority:
Shavlik rates this bulletin as a Important. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks.
User Targeted
Sign up for Content Announcements:
Email http://www.shavlik.com/support/xmlsubscribe/
RSS http://protect7.shavlik.com/feed/
Twitter @ShavlikXML
Follow us on:
Shavlik on LinkedIn
Twitter @ShavlikProtect
Shavlik blog -> www.shavlik.com/blog
Chris Goettl on LinkedIn
Twitter @ChrisGoettl
Sign up for webinars or download presentations and watch playbacks:
http://www.shavlik.com/webinars/