Endpoint Protection

Microsoft Patch Tuesday – April 2016 

04-12-2016 02:33 PM

ms-tuesday-patch-key-concept-white-light 2_10.png

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing 13 bulletins, six of which are rated Critical.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the April 2016 releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms16-apr

The following is a breakdown of the issues being addressed this month:

  1. MS16-037 Cumulative Security Update for Internet Explorer (3148531)

    Microsoft Browser Memory Corruption Vulnerability (CVE-2016-0154) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2016-0159) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2016-0160) MS Rating: Important

    A remote code execution vulnerability exists when Internet Explorer improperly validates input before loading dynamic link library (DLL) files. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Microsoft Browser Memory Corruption Vulnerability (CVE-2016-0162) MS Rating: Moderate

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2016-0164) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2016-0166) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.


  2. MS16-038 Cumulative Security Update for Microsoft Edge (3148532)

    Microsoft Browser Memory Corruption Vulnerability (CVE-2016-0154) MS Rating: Critical

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Microsoft Browser Memory Corruption Vulnerability (CVE-2016-0155) MS Rating: Critical

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0156) MS Rating: Critical

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0157) MS Rating: Critical

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Microsoft Edge Elevation of Privilege Vulnerability (CVE-2016-0158) MS Rating: Critical

    An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain. In a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability.

    Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0161) MS Rating: Important

    An elevation of privilege vulnerability exists when Microsoft Edge does not properly validate JavaScript under specific conditions, potentially allowing a script to be run with elevated privileges. In a web-based attack scenario, an attacker could host a website in an attempt to exploit this vulnerability.


  3. MS16-039 Security Update for Microsoft Graphics Component (3148522)

    Win32k Elevation of Privilege Vulnerability (CVE-2016-0143) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

    Win32k Elevation of Privilege Vulnerability (CVE-2016-0165) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

    Win32k Elevation of Privilege Vulnerability (CVE-2016-0167) MS Rating: Critical

    An elevation of privilege vulnerability exists when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

    Graphics Memory Corruption Vulnerability (CVE-2016-0145) MS Rating: Critical

    A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.


  4. MS16-040 Security Update for Microsoft XML Core Service (3148541)

    MSXML Remote Code Execution Vulnerability (CVE-2016-0147) MS Rating: Critical

    A remote code execution vulnerability exists when the Microsoft XML Core Services (MSXML) parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user's system.


  5. MS16-041 Security Update for .NET Framework (3148789)

    .NET Framework Remote Code Execution Vulnerability (CVE-2016-0148) MS Rating: Important

    A remote code execution vulnerability exists when Microsoft .NET Framework fails to properly validate input before loading libraries. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.


  6. MS16-042 Security Update for Microsoft Office (3148775)

    Microsoft Office Memory Corruption Vulnerability (CVE-2016-0122) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Microsoft Office Memory Corruption Vulnerability (CVE-2016-0127) MS Rating: Critical

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Microsoft Office Memory Corruption Vulnerability (CVE-2016-0136) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Microsoft Office Memory Corruption Vulnerability (CVE-2016-0139) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.


  7. MS16-044 Security Update for Windows OLE (3146706)

    Windows OLE Remote Code Execution Vulnerability (CVE-2016-0153) MS Rating: Important

    A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code.


  8. MS16-045 Security Update for Windows Hyper-V (3143118)

    Hyper-V Remote Code Execution Vulnerability (CVE-2016-0088) MS Rating: Important

    A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. Customers who have not enabled the Hyper-V role are not affected.

    Hyper-V Information Disclosure Vulnerability (CVE-2016-0089) MS Rating: Important

    An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information. Customers who have not enabled the Hyper-V role are not affected.

    Hyper-V Information Disclosure Vulnerability (CVE-2016-0090) MS Rating: Important

    An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information. Customers who have not enabled the Hyper-V role are not affected.


  9. MS16-046 Security Update for Secondary Logon (3148538)

    Secondary Logon Elevation of Privilege Vulnerability (CVE-2016-0135) MS Rating: Important

    An elevation of privilege vulnerability exists in Microsoft Windows when the Windows Secondary Logon Service fails to properly manage requests in memory. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


  10. MS16-047 Security Update for SAM and LSAD Remote Protocols (3148527)

    Windows RPC Downgrade Vulnerability (CVE-2016-0128) MS Rating: Important

    An elevation of privilege vulnerability exists in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) remote protocols when they accept authentication levels that do not protect the RPC channel adequately. The vulnerability is caused by the way the SAM and LSAD remote protocols establish the Remote Procedure Call (RPC) channel. An attacker who successfully exploited this vulnerability could gain access to the SAM database.


  11. MS16-048 Security Update for CSRSS (3148528)

    Windows CSRSS Security Feature Bypass Vulnerability (CVE-2016-0151) MS Rating: Important

    A security feature bypass vulnerability exists in Microsoft Windows when the Client-Server Run-time Subsystem (CSRSS) fails to properly manage process tokens in memory.


  12. MS16-049 Security Update for HTTP.sys (3148795)

    HTTP.sys Denial of Service Vulnerability (CVE-2016-0150) MS Rating: Important

    A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests. An attacker who successfully exploited the vulnerability could create a denial of service condition, causing the target system to become unresponsive.


  13. MS16-050 Security Update for Adobe Flash Player (3154132)

    .NET XML Validation Security Feature Bypass (CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, and CVE-2016-1019) MS Rating: Critical

    Multiple security vulnerabilities exist in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

More information on the vulnerabilities being addressed this month is available at Symantec's free Security Response portal and to our customers through the DeepSight Threat Management System.

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Related Entries and Links

No Related Resource entered.