Microsoft Patch Tuesday – June 2016 

Jun 14, 2016 03:15 PM

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing 16 bulletins, five of which are rated Critical.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the June 2016 releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms16-jun

The following is a breakdown of the issues being addressed this month:

  1. MS16-063 Cumulative Security Update for Internet Explorer (3163649)

    Internet Explorer Memory Corruption Vulnerability (CVE-2016-0199) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2016-0200) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2016-3211) MS Rating: Important

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Scripting Engine Memory Corruption Vulnerability (CVE-2016-3202) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the JScript 9, JScript, and VBScript engines render when handling objects in memory in Internet Explorer. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Scripting Engine Memory Corruption Vulnerability (CVE-2016-3205) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the JScript 9, JScript, and VBScript engines render when handling objects in memory in Internet Explorer. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Scripting Engine Memory Corruption Vulnerability (CVE-2016-3206) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the JScript 9, JScript, and VBScript engines render when handling objects in memory in Internet Explorer. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Scripting Engine Memory Corruption Vulnerability (CVE-2016-3207) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the JScript 9, JScript, and VBScript engines render when handling objects in memory in Internet Explorer. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Scripting Engine Memory Corruption Vulnerability (CVE-2016-3210) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the JScript 9, JScript, and VBScript engines render when handling objects in memory in Internet Explorer. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer XSS Filter Vulnerability (CVE-2016-3212) MS Rating: Important

    A remote code execution vulnerability exists when the Internet Explorer XSS Filter does not properly validate JavaScript under specific conditions. An attacker who exploited the vulnerability could run arbitrary code with medium-integrity level privileges (the permissions of the current user).

    WPAD Elevation of Privilege Vulnerability (CVE-2016-3213) MS Rating: Important

    An elevation of privilege vulnerability exists in Microsoft Windows when the Web Proxy Auto Discovery (WPAD) protocol falls back to a vulnerable proxy discovery process. An attacker who successfully exploited this vulnerability could bypass security and gain elevated privileges on a targeted system.


  2. MS16-068 Cumulative Security Update for Microsoft Edge (3163656)

    Microsoft Edge Security Feature Bypass (CVE-2016-3198) MS Rating: Important

    A security feature bypass exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content.

    Scripting Engine Memory Corruption Vulnerability (CVE-2016-3199) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Scripting Engine Memory Corruption Vulnerability (CVE-2016-3202) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Scripting Engine Memory Corruption Vulnerability (CVE-2016-3214) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Scripting Engine Memory Corruption Vulnerability (CVE-2016-3222) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Windows PDF Information Disclosure Vulnerability (CVE-2016-3201) MS Rating: Important

    An information disclosure vulnerability exists in Microsoft Windows when a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerability could read information in the context of the current user.

    Windows PDF Information Disclosure Vulnerability (CVE-2016-3215) MS Rating: Important

    An information disclosure vulnerability exists in Microsoft Windows when a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerability could read information in the context of the current user.

    Windows PDF Remote Code Execution Vulnerability (CVE-2016-3203) MS Rating: Critical

    A remote code execution vulnerability exists in Microsoft Windows if a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerability could cause arbitrary code to execute in the context of the current user.


  3. MS16-069 Cumulative Security Update for JScript and VBScript (3163640)

    Scripting Engine Memory Corruption Vulnerability (CVE-2016-3205) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the JScript 9, JScript, and VBScript engines render when handling objects in memory in Internet Explorer. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Scripting Engine Memory Corruption Vulnerability (CVE-2016-3206) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the JScript 9, JScript, and VBScript engines render when handling objects in memory in Internet Explorer. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Scripting Engine Memory Corruption Vulnerability (CVE-2016-3207) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the JScript 9, JScript, and VBScript engines render when handling objects in memory in Internet Explorer. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.


  4. MS16-070 Security Update for Microsoft Office (3163610)

    Microsoft Office Memory Corruption Vulnerability (CVE-2016-0025) MS Rating: Critical

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

    Microsoft Office Memory Corruption Vulnerability (CVE-2016-3233) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

    Microsoft Office Information Disclosure Vulnerability (CVE-2016-3234) MS Rating: Important

    An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user's computer or data. To exploit the vulnerability, an attacker could craft a special document file, and then convince the victim to open it.

    Microsoft Office OLE DLL Side Loading Vulnerability (CVE-2016-3235) MS Rating: Important

    A remote code execution vulnerability exists when Windows improperly validates input before loading libraries. An attacker who successfully exploited the vulnerability could take control of an affected system.


  5. MS16-071 Security Update for Microsoft Windows DNS Server (3164065)

    Windows DNS Server Use After Free Vulnerability (CVE-2016-3227) MS Rating: Critical

    A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability.


  6. MS16-072 Security Update for Group Policy (3163622)

    Group Policy Elevation of Privilege Vulnerability (CVE-2016-3223) MS Rating: Important

    An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates. An attacker who successfully exploited this vulnerability could potentially escalate permissions or perform additional privileged actions on the target machine.


  7. MS16-073 Security Update for Windows Kernel Mode Drivers (3164028)

    Win32k Elevation of Privilege Vulnerability (CVE-2016-3218) MS Rating: Important

    An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates. An attacker who successfully exploited this vulnerability could potentially escalate permissions or perform additional privileged actions on the target machine.

    Win32k Elevation of Privilege Vulnerability (CVE-2016-3221) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

    Windows Virtual PCI Information Disclosure Vulnerability (CVE-2016-3232) MS Rating: Important

    An information disclosure vulnerability exists when the Windows Virtual PCI (VPCI) virtual service provider (VSP) fails to properly handle uninitialized memory. An attacker who successfully exploited this vulnerability could potentially disclose contents of memory to which they should not have access.


  8. MS16-074 Security Update for Microsoft Graphics Component (3164036)

    Information Disclosure Vulnerability (CVE-2016-3216) MS Rating: Important

    An information disclosure vulnerability exists when the Windows Graphics Device Interface (GDI32.dll) fails to properly handle objects in memory, allowing an attacker to retrieve information that could lead to an Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited this vulnerability could cause an information disclosure to bypass the ASLR security feature that protects users from a broad class of vulnerabilities.

    Win32k Elevation of Privilege Vulnerability (CVE-2016-3219) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows Graphic Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

    ATMFD.DLL Elevation of Privilege Vulnerability (CVE-2016-3220) MS Rating: Important

    An elevation of privilege vulnerability exists in Adobe Type Manager Font Driver (ATMFD) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


  9. MS16-075 Security Update for Windows SMB Server (3164038)

    Windows SMB Server Elevation of Privilege Vulnerability (CVE-2016-3225) MS Rating: Important

    An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) when an attacker forwards an authentication request intended for another service running on the same machine. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated permissions.


  10. MS16-076 Security Update for Netlogon (3167691)

    Windows NetLogon Memory Corruption Remote Code Execution Vulnerability (CVE-2016-3228) MS Rating: Important

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution when Windows improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. To exploit the vulnerability, a domain-authenticated attacker could make a specially crafted NetLogon request to a domain controller.


  11. MS16-077 Security Update for Web Proxy Autodiscovery (WPAD) (3165191)

    WPAD Elevation of Privilege Vulnerability (CVE-2016-3213) MS Rating: Important

    An elevation of privilege vulnerability exists in Microsoft Windows when the Web Proxy Auto Discovery (WPAD) protocol falls back to a vulnerable proxy discovery process. An attacker who successfully exploited this vulnerability could bypass security and gain elevated privileges on a targeted system.

    Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability (CVE-2016-3236) MS Rating: Important

    An elevation of privilege vulnerability exists when Microsoft Windows improperly handles certain proxy discovery scenarios using the Web Proxy Auto Discovery (WPAD) protocol method. An attacker who successfully exploited the vulnerability could potentially access and control network traffic for which the attacker does not have sufficient privileges.


  12. MS16-078 Security Update for Windows Diagnostic Hub (3165479)

    Windows Diagnostics Hub Elevation of Privilege Vulnerability (CVE-2016-3231) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an insecure library loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


  13. MS16-079 Security Update for Microsoft Exchange (3160339)

    Microsoft Exchange Information Disclosure Vulnerability (CVE-2016-0028) MS Rating: Important

    An email filter bypass that could allow information disclosure exists in the way that Microsoft Exchange parses HTML messages. An attacker who successfully exploited the vulnerability could identify, fingerprint, and track a user online. An attacker could also combine this vulnerability with another one, such as a Cross-Site Request Forgery (CSRF), to amplify their attack.


  14. MS16-080 Security Update for Microsoft Windows PDF (3164302)

    Windows PDF Information Disclosure Vulnerability (CVE-2016-3201) MS Rating: Important

    An information disclosure vulnerability exists in Microsoft Windows when a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerability could read information in the context of the current user.

    Windows PDF Information Disclosure Vulnerability (CVE-2016-3215) MS Rating: Important

    An information disclosure vulnerability exists in Microsoft Windows when a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerability could read information in the context of the current user.

    Windows PDF Remote Code Execution Vulnerability (CVE-2016-3203) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Windows if a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerability could cause arbitrary code to execute in the context of the current user.


  15. MS16-081 Security Update for Active Directory (3164063)

    Active Directory Denial of Service Vulnerability (CVE-2016-3226) MS Rating: Important

    A denial of service vulnerability exists in Active Directory when an authenticated attacker creates multiple machine accounts. An attacker who successfully exploited this vulnerability could cause the Active Directory service to become non-responsive.


  16. MS16-082 Security Update for Microsoft Windows StructuredQuery Component (3165270)

    Windows StructuredQuery Denial of Service Vulnerability (CVE-2016-3230) MS Rating: Important

    This vulnerability occurs when the Windows StructuredQuery component fails to properly handle certain objects in memory. An attacker who successfully exploited this vulnerability could cause server performance to degrade sufficiently to cause a denial of service condition. An attacker could use this vulnerability to cause a denial of service attack and disrupt server availability.

More information on the vulnerabilities being addressed this month is available at Symantec's free Security Response portal and to our customers through the DeepSight Threat Management System.
