Patch Tuesday Analysis - October 2016
•Als PPTX, PDF herunterladen•
0 gefällt mir•514 views
Ivanti October 2016 Patch Tuesday Analysis Webinar – Formerly Shavlik
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (17)
Andere mochten auch
Andere mochten auch (8)
Ähnlich wie Patch Tuesday Analysis - October 2016
Ähnlich wie Patch Tuesday Analysis - October 2016 (11)
Mehr von Ivanti
Mehr von Ivanti (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Patch Tuesday Analysis - October 2016
- 1. Patch Tuesday Webinar Wednesday, October 11th, 2016 Chris Goettl • Product Manager, Shavlik Dial In: 1-855-749-4750 (US) Attendees: 925 670 957
- 2. Agenda October 2016 Patch Tuesday Overview Known Issues Bulletins Q & A 1 2 3 4
- 3. Best Practices Privilege Management Mitigates Impact of many exploits High Threat Level vulnerabilities warrant fast rollout. 2 weeks or less is ideal to reduce exposure. User Targeted – Whitelisting and Containerization mitigate
- 5. Industry News Microsoft implements servicing change for Windows 7, 8.1, and Server 2008 R2, 2012, 2012 R2 • Internet Explorer and OS updates in one of two options: • Security Bundle – Monthly bundle of Security only updates • Cumulative Rollup – Similar to Windows 10 cumulative bundle of Security and Non-Security updates in one package • .Net Rollup – Cumulative Bundle each month that applies. Will update only versions detected, not install new versions. • Flash Player for IE and OS • Office, SharePoint, SQL, Exchange, etc are not affected by the change set for October Adobe updated Flash Player distribution announcement. Sept 29th If you have not already done so, get an Adobe ID and sign up for the distribution agreement. ESR has also EOLed.
- 6. CSWU-036: Cumulative update for Windows 10: October 11, 2016 Maximum Severity: Critical Affected Products: Windows 10, Edge, Internet Explorer Description: This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are described in the following Microsoft security bulletins and advisory: MS16-118, MS16-119, MS16-120, MS16-122, MS16-123, MS16-124, MS16-125 Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure Fixes 42 vulnerabilities: CVE-2016-3267, CVE-2016-3298 (Exploited), CVE-2016-3331, CVE-2016-3382, CVE-2016-3383, CVE-2016-3384, CVE-2016- 3385, CVE-2016-3387, CVE-2016-3388, CVE-2016-3390, CVE-2016-3391, CVE-2016-3267, CVE-2016-3331, CVE-2016-3382, CVE-2016-3386, CVE-2016-3387, CVE-2016-3388, CVE-2016-3389, CVE-2016-3390, CVE-2016-3391, CVE-2016-3392, CVE-2016- 7189 (Exploited), CVE-2016-7190, CVE-2016-7194, CVE-2016-3209, CVE-2016-3262, CVE-2016-3263, CVE-2016-3270, CVE- 2016-3393 (Exploited), CVE-2016-3396, CVE-2016-7182, CVE-2016-0142, CVE-2016-3266, CVE-2016-3341, CVE-2016-3376, CVE-2016-7185, CVE-2016-7191, CVE-2016-0070, CVE-2016-0073, CVE-2016-0075, CVE-2016-0079, CVE-2016-7188, APSB16- 32 Restart Required: Requires Restart
- 7. SB16-001: October, 2016 Security Only Quality Update Maximum Severity: Critical Affected Products: Windows, Internet Explorer Description: This update is the Security Only Quality Update for Windows 7, 8.1, Server 2008 R2, 2012, and 2012 R2 systems: MS16-118, MS16-120, MS16-122, MS16-123, MS16-124, MS16-126 Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure Fixes 29 vulnerabilities: CVE-2016-3267, CVE-2016-3298 (Exploited), CVE-2016-3331, CVE-2016-3382, CVE-2016-3383, CVE-2016-3384, CVE-2016- 3385, CVE-2016-3387, CVE-2016-3388, CVE-2016-3390, CVE-2016-3391, CVE-2016-3209, CVE-2016-3262, CVE-2016-3263, CVE-2016-3270, CVE-2016-3393 (Exploited), CVE-2016-3396, CVE-2016-7182, CVE-2016-0142, CVE-2016-3266, CVE-2016- 3341, CVE-2016-3376, CVE-2016-7185, CVE-2016-7191, CVE-2016-0070, CVE-2016-0073, CVE-2016-0075, CVE-2016-0079, CVE-2016-3298 (Exploited) Restart Required: Requires Restart
- 8. CR16-001: October, 2016 Security Monthly Quality Update Maximum Severity: Critical Affected Products: Windows, Internet Explorer Description: This update is the Security Monthly Quality Update for Windows 7, 8.1, Server 2008 R2, 2012, and 2012 R2 systems: MS16-118, MS16-120, MS16-122, MS16-123, MS16-124, MS16-126 Impact: Remote Code Execution, Elevation of Privilege, Information Disclosure Fixes 29 vulnerabilities: CVE-2016-3267, CVE-2016-3298 (Exploited), CVE-2016-3331, CVE-2016-3382, CVE-2016-3383, CVE-2016-3384, CVE-2016- 3385, CVE-2016-3387, CVE-2016-3388, CVE-2016-3390, CVE-2016-3391, CVE-2016-3209, CVE-2016-3262, CVE-2016-3263, CVE-2016-3270, CVE-2016-3393 (Exploited), CVE-2016-3396, CVE-2016-7182, CVE-2016-0142, CVE-2016-3266, CVE-2016- 3341, CVE-2016-3376, CVE-2016-7185, CVE-2016-7191, CVE-2016-0070, CVE-2016-0073, CVE-2016-0075, CVE-2016-0079, CVE-2016-3298 (Exploited) Restart Required: Requires Restart
- 9. MS16-118: Cumulative Security Update for Internet Explorer (3192887) Maximum Severity: Critical Affected Products: Internet Explorer Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Impact: Remote Code Execution Fixes 12 vulnerabilities: CVE-2016-3267, CVE-2016-3298 (Exploited), CVE-2016-3331, CVE-2016-3382, CVE-2016-3383, CVE-2016-3384, CVE-2016- 3385, CVE-2016-3387, CVE-2016-3388, CVE-2016-3390, CVE-2016-3391 Restart Required: Requires Restart
- 10. MS16-119: Cumulative Security Update for Microsoft Edge (3192890) Maximum Severity: Critical Affected Products: Edge Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights. Impact: Remote Code Execution Fixes 13 vulnerabilities: CVE-2016-3267, CVE-2016-3331, CVE-2016-3382, CVE-2016-3386, CVE-2016-3387, CVE-2016-3388, CVE-2016-3389, CVE-2016- 3390, CVE-2016-3391, CVE-2016-3392, CVE-2016-7189 (Exploited), CVE-2016-7190, CVE-2016-7194 Restart Required: Requires Restart
- 11. MS16-120: Security Update for Microsoft Graphics Component (3192884) Maximum Severity: Critical Affected Products: Windows, .Net, Office, Skype, Lync, Silverlight Description: This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Skype for Business, Silverlight, and Microsoft Lync. The most serious of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Impact: Remote Code Execution Fixes 7 vulnerabilities: CVE-2016-3209, CVE-2016-3262, CVE-2016-3263, CVE-2016-3270, CVE-2016-3393 (Exploited), CVE-2016-3396, CVE-2016- 7182, Restart Required: Requires Restart
- 12. MS16-121: Security Update for Microsoft Office (3194063) Maximum Severity: Important Affected Products: Office, SharePoint Description: This security update resolves a vulnerability in Microsoft Office. An Office RTF remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle RTF files. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. Impact: Remote Code Execution Fixes vulnerabilities: CVE-2016-7193 (Exploited) Restart Required: May Require Restart
- 13. MS16-122: Security Update for Microsoft Video Control (3195360) Maximum Severity: Critical Affected Products: Windows Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message. Impact: Remote Code Execution Fixes vulnerabilities: CVE-2016-0142 Restart Required: Requires Restart
- 14. MS16-127: Security Update for Adobe Flash Player (3194343) Maximum Severity: Critical Affected Products: Adobe Flash Player Plug-In for IE Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.. Impact: Remote Code Execution Fixes 12 vulnerabilities: CVE-2016-4273, CVE-2016-4286, CVE-2016-6981, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016- 6986, CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992 Restart Required: Requires Restart
- 15. APSB16-32: Security updates available for Adobe Flash Player Maximum Severity: Critical Affected Products: Adobe Flash Player Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. . Impact: Remote Code Execution Fixes 12 vulnerabilities: CVE-2016-4273, CVE-2016-4286, CVE-2016-6981, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016- 6986, CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992 Restart Required: Requires Restart
- 16. MS16-123: Security Update for Windows Kernel-Mode Drivers (3192892) Maximum Severity: Important Affected Products: Windows Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system. Impact: Elevation of Privilege Fixes 5 vulnerabilities: CVE-2016-3266, CVE-2016-3341, CVE-2016-3376, CVE-2016-7185, CVE-2016-7191 Restart Required: Requires Restart
- 17. MS16-124: Security Update for Windows Registry (3193227) Maximum Severity: Important Affected Products: Windows Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker can access sensitive registry information. Impact: Elevation of Privilege Fixes 4 vulnerabilities: CVE-2016-0070, CVE-2016-0073, CVE-2016-0075, CVE-2016-0079 Restart Required: Requires Restart
- 18. MS16-125: Security Update for Diagnostics Hub (3193229) Maximum Severity: Important Affected Products: Windows Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. Impact: Elevation of Privilege Fixes 1 vulnerabilities: CVE-2016-7188 Restart Required: Requires Restart
- 19. MS16-126: Security Update for Microsoft Internet Messaging API (3196067) Maximum Severity: Moderate Affected Products: Windows Description: This security update resolves a vulnerability in Microsoft Windows. An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk. Impact: Information Disclosure Fixes 1 vulnerabilities: CVE-2016-3298 (Exploited) Restart Required: Requires Restart
- 20. APSB16-33: Security Updates Available for Adobe Acrobat and Reader Maximum Severity: Important Affected Products: Adobe Acrobat and Reader Description: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Impact: Remote Code Execution Fixes 77 vulnerabilities: CVE-2016-1089, CVE-2016-1091, CVE-2016-6939, CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016- 6944, CVE-2016-6945, CVE-2016-6946, CVE-2016-6947, CVE-2016-6948, CVE-2016-6949, CVE-2016-6950, CVE-2016-6951, CVE-2016-6952, CVE-2016-6953, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6957, CVE-2016-6958, CVE-2016- 6959, CVE-2016-6960, CVE-2016-6961, CVE-2016-6962, CVE-2016-6963, CVE-2016-6964, CVE-2016-6965, CVE-2016-6966, CVE-2016-6967, CVE-2016-6968, CVE-2016-6969, CVE-2016-6970, CVE-2016-6971, CVE-2016-6972, CVE-2016-6973, CVE-2016- 6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6979, CVE-2016-6988, CVE-2016-6993, CVE-2016-6994, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-6999, CVE-2016-7000, CVE-2016- 7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016- 7016, CVE-2016-7017, CVE-2016-7018, CVE-2016-7019 Restart Required: May Require Restart
- 21. Between Patch Tuesdays New Product Support: Notepad++ x64, Windows 10 LTSB 2016 x86x64 Security Updates: Microsoft (5), Google Chrome (2), FireFoxESR (3), Tomcat (1), Opera (3), Notepad++ (1), 7Zip (2), Shockwave (1), Filezilla (2), Thunderbird (1), Wireshark (1), Non-Security Updates: Microsoft (33), Citrix Receiver (1), VMware Player (1), WinSCP (1), Dropbox (3), PDF-Xchange Pro (1), Slack (1), TeamViewer (2), CoreFTP (1), GoodSync (5), Libre Office (1), Splunk Universal Forwarder (1), TightVNC (1), Google Drive (1), HipChat (1), Security Tools:
- 23. Resources and Webinars Get Shavlik Content Updates Get Social with Shavlik Sign up for next months Patch Tuesday Webinar Watch previous webinars and download presentation.
- 24. Thank you
Hinweis der Redaktion
- NEARLY 50% OPEN E-MAILS AND CLICK ON PHISHING LINKS WITHIN THE FIRST HOUR.
- Microsoft Announcement: https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/
- Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Exploited in Wild CVE-2016-3298 Exploited in Wild CVE-2016-7189 Exploited in Wild CVE-2016-3393 User Targeted - Privilege Management Mitigates Impact
- Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. The Security Only Quality Update is marked as Patch Type Security. This bundle includes multiple updates in a single installable package. This update does not include the Non-Security Updates and is not cumulative. Exploited in Wild CVE-2016-3298 Exploited in Wild CVE-2016-3393 User Targeted - Privilege Management Mitigates Impact
- Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. The Security Monthly Quality Update is marked as Patch Type Non-Security. This bundle includes multiple updates in a single installable package. This update also includes the Non-Security Updates and is cumulative. Exploited in Wild CVE-2016-3298 Exploited in Wild CVE-2016-3393 User Targeted - Privilege Management Mitigates Impact
- Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. Ensure that your Internet Explorer version is at the latest for the OS you are installed on. Microsoft is only updating the latest version for each supported OS since January 2016. For details please see: https://support.microsoft.com/en-us/lifecycle#gp/Microsoft-Internet-Explorer Exploited in Wild CVE-2016-3298 User Targeted - Privilege Management Mitigates Impact Internet Explorer Information Disclosure Vulnerability CVE-2016-3298 An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk. For an attack to be successful an attacker must persuade a user to open a malicious website. The update addresses the vulnerability by changing the way Internet Explorer handles objects in memory. In addition to installing this update are there any further steps I need to carry out to be protected from any of the vulnerabilities discussed in this bulletin? Yes. For Vista and Windows Server 2008 operating systems installing the 3191492 cumulative update by itself does not fully protect against CVE-2016-3298 — you must also install security update 3193515 in MS16-126 to be fully protected from the vulnerability. Does this update contain any additional security-related changes to functionality? Yes. In addition to the changes that are listed for the vulnerabilities described in this bulletin, this update includes defense-in-depth updates to help improve security-related features. I am running Internet Explorer on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2. Does this mitigate these vulnerabilities? Yes. By default, Internet Explorer on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 runs in a restricted mode that is known as Enhanced Security Configuration. Enhanced Security Configuration is a group of preconfigured settings in Internet Explorer that can reduce the likelihood of a user or administrator downloading and running specially crafted web content on a server. This is a mitigating factor for websites that you have not added to the Internet Explorer Trusted sites zone. Can EMET help mitigate attacks that attempt to exploit these vulnerabilities? Yes. The Enhanced Mitigation Experience Toolkit (EMET) enables users to manage security mitigation technologies that help make it more difficult for attackers to exploit memory corruption vulnerabilities in a given piece of software. EMET can help mitigate attacks that attempt to exploit these vulnerabilities in Internet Explorer on systems where EMET is installed and configured to work with Internet Explorer. For more information about EMET, see the Enhanced Mitigation Experience Toolkit.
- Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. User targeted vulnerabilities – Privilege Management Mitigates Impact Exploited in Wild CVE-2016-7189 Scripting Engine Remote Code Execution Vulnerability CVE-2016-7189 A remote code execution vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action. For example, an attacker could trick users into clicking a link that takes them to the attacker's site. The update addresses the vulnerability by correcting how the affected components handle objects in memory.
- Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. Exploited in the Wild CVE-2016-3393 Windows Graphics Component RCE Vulnerability – CVE-2016-3393 A remote code execution vulnerability exists due to the way the Windows GDI component handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit this vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email message or in an Instant Messenger message that takes users to the attacker's website, or by opening an attachment sent through email. In a file sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit this vulnerability, and then convince a user to open the document file. The security update addresses the vulnerability by correcting how the Windows GDI handles objects in the memory. There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Affected Software table for the software? Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order. Do I need to install these security updates in a particular sequence? No. Multiple updates for a given system can be applied in any sequence.
- Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. User targeted vulnerabilities – Privilege Management Mitigates Impact Exploited in Wild CVE-2016-7193 Microsoft Office Memory Corruption Vulnerability An Office RTF remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle RTF files. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerabilities. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince them to open the specially crafted file. The update addresses the vulnerability by changing the way Microsoft Office software handles RTF content. Microsoft received information about this vulnerability through coordinated vulnerability disclosure. Microsoft is aware of limited attacks that use this vulnerability in conjunction with other vulnerabilities to gain code execution.
- Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. User targeted vulnerabilities – Privilege Management Mitigates Impact Microsoft Video Control Remote Code Execution Vulnerability – CVE-2016-0142 A remote code execution vulnerability exists when Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability, an attacker would have to convince a user to open either a specially crafted file or application from either a webpage or an email message. The update addresses the vulnerability by correcting how Microsoft Video Control handles objects in memory. Note that where the severity is indicated as Critical in the Affected Software and Vulnerability Severity Ratings table, the Preview Pane is an attack vector for CVE-2016-0142.
- Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. User targeted vulnerabilities
- Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. User targeted vulnerabilities Updating Flash Player requires updates for Flash Player, IE, Chrome, and Firefox WARNING This page and the download links will be decommissioned on Sep 29, 2016. If you are downloading Adobe Flash Player for your personal use, please visit get.adobe.com/flashplayer. Organizations that distribute Adobe Flash Player internally must have a valid license and AdobeID to download and distribute Flash Player binaries. Instructions and further details on obtaining a distribution license are available at the Adobe Flash Player Distribution Page. Flash Player ESR is officially EOLed as of this last release.
- Shavlik Priority: Shavlik rates this bulletin as a Important. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks. Multiple Win32k Elevation of Privilege Vulnerabilities Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit these vulnerabilities, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerabilities and take control of an affected system. The update addresses these vulnerabilities by correcting how the Windows kernel-mode driver handles objects in memory.
- Shavlik Priority: Shavlik rates this bulletin as a Important. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks. Multiple Windows Kernel Local Elevation of Privilege Vulnerabilities Multiple elevation of privilege vulnerabilities exist in Microsoft Windows when a Windows kernel API improperly allows a user to access sensitive registry information. To exploit the vulnerabilities, a locally authenticated attacker would need to run a specially crafted application. An attacker who uses this method could then gain access to information not intended to be available to the user. The security update addresses the vulnerabilities by correcting how the kernel API restricts access to this information.
- Shavlik Priority: Shavlik rates this bulletin as a Important. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks. Windows Diagnostics Hub Elevation of Privilege– CVE-2016-7188 An elevation of privilege vulnerability exists in the Windows Diagnostics Hub Standard Collector Service when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input that could lead to unsecure library loading behavior. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The update addresses the vulnerability by correcting an input sanitization error to preclude unintended elevation of privilege
- Shavlik Priority: Shavlik rates this bulletin as a Important. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks. Exploited in Wild CVE-2016-3298 In addition to installing this update are there any further steps I need to carry out to be protected from any of the vulnerabilities discussed in this bulletin? Yes. For Vista and Windows Server 2008 operating systems installing the 3191492 cumulative update by itself does not fully protect against CVE-2016-3298 — you must also install security update 3193515 in MS16-126 to be fully protected from the vulnerability. Internet Explorer Information Disclosure Vulnerability – CVE-2016-3298 An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory. An attacker who successfully exploited this vulnerability could allow the attacker to test for the presence of files on disk. For an attack to be successful an attacker must persuade a user to open a malicious website. The update addresses the vulnerability by changing the way the Microsoft Internet Messaging API handles objects in memory.
- Shavlik Priority: Shavlik rates this bulletin as a Important. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks. User Targeted
- Sign up for Content Announcements: Email http://www.shavlik.com/support/xmlsubscribe/ RSS http://protect7.shavlik.com/feed/ Twitter @ShavlikXML Follow us on: Shavlik on LinkedIn Twitter @ShavlikProtect Shavlik blog -> www.shavlik.com/blog Chris Goettl on LinkedIn Twitter @ChrisGoettl Sign up for webinars or download presentations and watch playbacks: http://www.shavlik.com/webinars/