Endpoint Protection

Microsoft Patch Tuesday – December 2016 

12-13-2016 02:45 PM

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing 12 bulletins, six of which are rated Critical.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the December 2016 releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms16-dec

The following is a breakdown of the issues being addressed this month:

  1. MS16-144 Cumulative Security Update for Internet Explorer (3204059) MS Rating: Critical

    Scripting Engine Memory Corruption Vulnerability (CVE-2016-7202) MS Rating: Critical

    A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Windows Hyperlink Object Library Information Disclosure Vulnerability (CVE-2016-7278) MS Rating: Important

    An information disclosure vulnerability exists in the way that the affected components handle objects in memory. An attacker who successfully exploited this issue could obtain information to further compromise a target system.

    Microsoft Browser Memory Corruption Vulnerability (CVE-2016-7279) MS Rating: Important

    A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Microsoft Browser Security Feature Bypass Vulnerability (CVE-2016-7281) MS Rating: Important

    A security bypass vulnerability exists when the Microsoft browser Same Origin Policy fails to properly handle the validation of certain specially crafted documents.

    Microsoft Browser Information Disclosure Vulnerability (CVE-2016-7282) MS Rating: Important

    An information disclosure vulnerability exists in the way that the affected components handle objects in memory. An attacker who successfully exploited this issue could obtain information to further compromise a target system.

    Internet Explorer Memory Corruption Vulnerability (CVE-2016-7283) MS Rating: Critical

    A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Information Disclosure Vulnerability (CVE-2016-7284) MS Rating: Important

    An information disclosure vulnerability exists in the way that the affected components handle objects in memory. An attacker who successfully exploited this issue could obtain information to further compromise a target system.

    Scripting Engine Memory Corruption Vulnerability (CVE-2016-7287) MS Rating: Critical

    A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.


  2. MS16-145 Cumulative Security Update for Microsoft Edge (3204062) MS Rating: Critical

    Microsoft Edge Memory Corruption Vulnerability (CVE-2016-7181) MS Rating: Moderate

    A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Microsoft Edge Information Disclosure Vulnerability (CVE-2016-7206) MS Rating: Important

    An information disclosure vulnerability exists when Microsoft browsers do not properly validate content under specific conditions. An attacker who exploited this issue could run arbitrary code that could lead to an information disclosure.

    Microsoft Browser Memory Corruption Vulnerability (CVE-2016-7279) MS Rating: Important

    A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Microsoft Edge Information Disclosure Vulnerability (CVE-2016-7280) MS Rating: Important

    An information disclosure vulnerability exists when Microsoft browsers do not properly validate content under specific conditions. An attacker who exploited this issue could run arbitrary code that could lead to an information disclosure.

    Microsoft Browser Security Feature Bypass (CVE-2016-7281) MS Rating: Important

    A security feature bypass vulnerability exists when the Microsoft browser Same Origin Policy fails to properly handle validation of certain specially crafted documents.

    Microsoft Browser Information Disclosure Vulnerability (CVE-2016-7282) MS Rating: Important

    An information disclosure vulnerability exists in the way that the affected components handle objects in memory. An attacker who successfully exploited this issue could obtain information to further compromise a target system.

    Microsoft Edge Memory Corruption Vulnerability (CVE-2016-7286) MS Rating: Moderate

    A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Scripting Engine Memory Corruption Vulnerability (CVE-2016-7287) MS Rating: Critical

    A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Microsoft Edge Memory Corruption Vulnerability (CVE-2016-7288) MS Rating: Moderate

    A remote code execution vulnerability exists when Microsoft browsers improperly access objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Scripting Engine Memory Corruption Vulnerability (CVE-2016-7296) MS Rating: Critical

    A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Scripting Engine Memory Corruption Vulnerability (CVE-2016-7297) MS Rating: Critical

    A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.


  3. MS16-146 Security Update for Microsoft Graphics Component (3204066) MS Rating: Critical

    Windows GDI Information Disclosure Vulnerability (CVE-2016-7257) MS Rating: Important

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

    Microsoft Edge Memory Corruption Vulnerability (CVE-2016-7272) MS Rating: Critical

    A remote code execution vulnerability exists due to the way the Windows Graphics component handles objects in memory. An attacker who successfully exploited this issue could take control of the affected system.

    Microsoft Edge Memory Corruption Vulnerability (CVE-2016-7273) MS Rating: Critical

    A remote code execution vulnerability exists due to the way the Windows Graphics component handles objects in memory. An attacker who successfully exploited this issue could take control of the affected system.


  4. MS16-147 Security Update for Microsoft Uniscribe (3204063) MS Rating: Critical

    Windows Uniscribe Remote Code Execution Vulnerability (CVE-2016-7274) MS Rating: Critical

    A remote code execution vulnerability exists in Windows due to the way Windows Uniscribe handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system.


  5. MS16-148 Security Update for Microsoft Office (3204068) MS Rating: Critical

    Windows GDI Information Disclosure Vulnerability (CVE-2016-7257) MS Rating: Important

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

    Microsoft Office Security Feature Bypass Vulnerability (CVE-2016-7262) MS Rating: Important

    A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands.

    Microsoft Office Memory Corruption Vulnerability (CVE-2016-7263) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

    Microsoft Office Information Disclosure Vulnerability (CVE-2016-7264) MS Rating: Important

    An information disclosure vulnerability exists when Office or Word reads out-of-bounds memory, which may disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out-of-bounds memory.

    Microsoft Office Information Disclosure Vulnerability (CVE-2016-7265) MS Rating: Important

    An information disclosure vulnerability exists when Office or Word reads out-of-bounds memory, which may disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out-of-bounds memory.

    Microsoft Office Security Feature Bypass Vulnerability (CVE-2016-7266) MS Rating: Important

    A security feature bypass vulnerability exists when Microsoft Office improperly checks registry settings when an attempt is made to run embedded content.

    Microsoft Office Security Feature Bypass Vulnerability (CVE-2016-7267) MS Rating: Important

    A security feature bypass vulnerability exists in Microsoft Office software when the Office software improperly handles the parsing of file formats.

    Microsoft Office Information Disclosure Vulnerability (CVE-2016-7268) MS Rating: Important

    An information disclosure vulnerability exists when Office or Word reads out-of-bounds memory, which may disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out-of-bounds memory.

    Microsoft Office OLE DLL Side Loading Vulnerability (CVE-2016-7275) MS Rating: Important

    A remote code execution vulnerability exists when Microsoft Office improperly validates input before loading libraries. An attacker who successfully exploited the vulnerability could take control of an affected system.

    Microsoft Office Information Disclosure Vulnerability (CVE-2016-7276) MS Rating: Important

    An information disclosure vulnerability exists when Office or Word reads out-of-bounds memory, which may disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out-of-bounds memory.

    Microsoft Office Memory Corruption Vulnerability (CVE-2016-7277) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

    Microsoft Office Memory Corruption Vulnerability (CVE-2016-7289) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

    Microsoft Office Information Disclosure Vulnerability (CVE-2016-7290) MS Rating: Important

    An information disclosure vulnerability exists when Office or Word reads out-of-bounds memory, which may disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out-of-bounds memory.

    Microsoft Office Information Disclosure Vulnerability (CVE-2016-7291) MS Rating: Important

    An information disclosure vulnerability exists when Office or Word reads out-of-bounds memory, which may disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out-of-bounds memory.

    Microsoft Office Memory Corruption Vulnerability (CVE-2016-7298) MS Rating: Critical

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

    Microsoft (MAU) Office Elevation of Privilege Vulnerability (CVE-2016-7300) MS Rating: Important

    A privilege escalation vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them.


  6. MS16-149 Security Update for Microsoft Windows (3205655) MS Rating: Important

    Windows Crypto Driver Information Disclosure Vulnerability (CVE-2016-7219) MS Rating: Important

    An information disclosure vulnerability exists when a Windows Crypto driver running in kernel mode improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

    Windows Installer Elevation of Privilege Vulnerability (CVE-2016-7292) MS Rating: Important

    A privilege escalation vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input, leading to insecure library loading behavior.


  7. MS16-150 Security Update for Windows Secure Kernel Mode (3205642) MS Rating: Important

    Win32k Information Disclosure Vulnerability (CVE-2016-7271) MS Rating: Important

    A privilege escalation vulnerability exists when Windows Secure Kernel Mode fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could violate virtual trust levels (VTL).


  8. MS16-151 Security Update for Windows Kernel-Mode Drivers (3205651) MS Rating: Important

    Win32k Elevation of Privilege Vulnerability (CVE-2016-7259) MS Rating: Important

    A privilege escalation vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

    Win32k Elevation of Privilege Vulnerability (CVE-2016-7260) MS Rating: Important

    A privilege escalation vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.


  9. MS16-152 Security Update for Windows Kernel (3199709) MS Rating: Important

    Windows Kernel Memory Information Disclosure Vulnerability (CVE-2016-7258) MS Rating: Important

    An information disclosure vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle certain page fault system calls. An authenticated attacker who successfully exploited the vulnerability could disclose information from one process to another.


  10. MS16-153 Security Update for Common Log File System Driver (3207328) MS Rating: Important

    Windows Common Log File System Driver Information Disclosure Vulnerability (CVE-2016-7295) MS Rating: Important

    An information disclosure vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory.


  11. MS16-154 Security Update for Adobe Flash Player (3209498) MS Rating: Critical

    This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.


  12. MS16-155 Security Update for .NET Framework (3205640) MS Rating: Important

    .NET Framework Information Disclosure Vulnerability (CVE-2016-7270) MS Rating: Important

    An information disclosure vulnerability exists in the .NET 4.6.2 framework which could allow an attacker to access information at rest that should be defended by cryptographic mechanisms.

More information on the vulnerabilities being addressed this month is available at Symantec's free Security Response portal and to our customers through the DeepSight Threat Management System.
