Microsoft Patch Tuesday – September 2016 

Sep 13, 2016 03:21 PM

Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor released 13 bulletins, six of which are rated Critical.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the September 2016 releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms16-sep

The following is a breakdown of the issues being addressed this month:

  1. MS16-104 Cumulative Security Update for Internet Explorer (3183038) MS Rating: Critical

    Microsoft Browser Memory Corruption Vulnerability (CVE-2016-3247) MS Rating: Important

    A remote code execution vulnerability exists in the way that Internet Explorer accesses objects in memory. This vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user.

    Microsoft Browser Information Disclosure Vulnerability (CVE-2016-3291) MS Rating: Moderate

    An information disclosure vulnerability exists in the way that the affected Microsoft browser handles cross-origin requests. An attacker who successfully exploited this vulnerability could determine the origin of all of the web pages in the affected browser.

    Microsoft Browser Elevation of Privilege Vulnerability (CVE-2016-3292) MS Rating: Important

    An elevation of privilege vulnerability exists when Internet Explorer fails a check, allowing a sandbox escape. An attacker who successfully exploited the vulnerability could use the sandbox escape to elevate privileges on an affected system.

    Microsoft Browser Memory Corruption Vulnerability (CVE-2016-3295) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses objects in memory. This vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user.

    Microsoft Browser Memory Corruption Vulnerability (CVE-2016-3297) MS Rating: Important

    A remote code execution vulnerability exists in the way that Internet Explorer accesses objects in memory. This vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user.

    Internet Explorer Memory Corruption Vulnerability (CVE-2016-3324) MS Rating: Important

    A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Microsoft Browser Information Disclosure Vulnerability (CVE-2016-3325) MS Rating: Important

    An information disclosure vulnerability exists in the way that Internet Explorer handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.

    Microsoft Browser Information Disclosure Vulnerability (CVE-2016-3351) MS Rating: Important

    An information disclosure vulnerability exists in the way that Internet Explorer handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.

    Internet Explorer Security Feature Bypass (CVE-2016-3353) MS Rating: Important

    A security feature bypass opportunity exists in the way that Internet Explorer handles files from the Internet zone.

    Scripting Engine Memory Corruption Vulnerability (CVE-2016-3375) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Microsoft OLE Automation mechanism and the VBScript Scripting Engine in Internet Explorer access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user.


  2. MS16-105 Cumulative Security Update for Microsoft Edge (3183043) MS Rating: Critical

    Microsoft Browser Memory Corruption Vulnerability (CVE-2016-3247) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user.

    Microsoft Browser Information Disclosure Vulnerability (CVE-2016-3291) MS Rating: Moderate

    An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests. An attacker who successfully exploited this vulnerability could determine the origin of all of the web pages in the affected browser.

    Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3294) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user.

    Microsoft Browser Memory Corruption Vulnerability (CVE-2016-3295) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user.

    Microsoft Browser Memory Corruption Vulnerability (CVE-2016-3297) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user.

    Microsoft Browser Information Disclosure Vulnerability (CVE-2016-3325) MS Rating: Important

    An information disclosure vulnerability exists in the way that certain functions handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.

    Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3330) MS Rating: Important

    A remote code execution vulnerability exists in the way that Microsoft Edge handles objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user.

    Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3350) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Microsoft Browser Information Disclosure Vulnerability (CVE-2016-3351) MS Rating: Important

    An information disclosure vulnerability exists in the way that the affected components handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.

    PDF Library Information Disclosure Vulnerability (CVE-2016-3370) MS Rating: Important

    An information disclosure vulnerability exists in the way that the affected components handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.

    Microsoft Edge Information Disclosure Vulnerability (CVE-2016-3374) MS Rating: Important

    An information disclosure vulnerability exists in the way that the affected components handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.

    Scripting Engine Memory Corruption Vulnerability (CVE-2016-3377) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.


  3. MS16-106 Security Update for Microsoft Graphics Component (3185848) MS Rating: Critical

    Win32k Elevation of Privilege Vulnerability (CVE-2016-3348) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that certain Windows kernel-mode drivers handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode.

    Win32k Elevation of Privilege Vulnerability (CVE-2016-3349) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that certain Windows kernel-mode drivers handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in kernel mode.

    GDI Information Disclosure Vulnerability (CVE-2016-3354) MS Rating: Important

    An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system.

    GDI Elevation of Privilege Vulnerability (CVE-2016-3355) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

    GDI Remote Code Execution Vulnerability (CVE-2016-3356) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system.


  4. MS16-107 Security Update for Office (3185852) MS Rating: Critical

    Microsoft APP-V Security Feature Bypass Vulnerability (CVE-2016-0137) MS Rating: Important

    An information disclosure vulnerability exists in the way that the Click-to-Run (C2R) components handle objects in memory, which could lead to an Address Space Layout Randomization (ASLR) bypass.

    Microsoft Office Information Disclosure Vulnerability (CVE-2016-0141) MS Rating: Important

    An information disclosure vulnerability exists when Visual Basic macros in Office improperly export a user's private key from the certificate store while saving a document. An attacker who successfully exploited the vulnerability could potentially gain access to the user's private key.

    Microsoft Office Memory Corruption Vulnerability (CVE-2016-3357) MS Rating: Critical

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

    Microsoft Office Memory Corruption Vulnerability (CVE-2016-3358) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

    Microsoft Office Memory Corruption Vulnerability (CVE-2016-3359) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

    Microsoft Office Memory Corruption Vulnerability (CVE-2016-3360) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

    Microsoft Office Memory Corruption Vulnerability (CVE-2016-3361) MS Rating: Moderate

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

    Microsoft Office Memory Corruption Vulnerability (CVE-2016-3362) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

    Microsoft Office Memory Corruption Vulnerability (CVE-2016-3363) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

    Microsoft Office Memory Corruption Vulnerability (CVE-2016-3364) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

    Microsoft Office Memory Corruption Vulnerability (CVE-2016-3365) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

    Microsoft Office Spoofing Vulnerability (CVE-2016-3366) MS Rating: Important

    A spoofing vulnerability exists when Microsoft Outlook does not strictly adhere to RFC2046 and improperly identifies the end of a MIME attachment. An improper MIME attachment ending may cause antivirus or antispam scanning to not work as intended.

    Microsoft Office Memory Corruption Vulnerability (CVE-2016-3381) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.


  5. MS16-108 Security Update for Microsoft Exchange Server (3185883) MS Rating: Critical

    Microsoft Exchange Information Disclosure Vulnerability (CVE-2016-0138) MS Rating: Important

    An information disclosure vulnerability exists in the way that Microsoft Exchange Server parses email messages. The vulnerability could allow an attacker to discover confidential user information that is contained in Microsoft Outlook applications.

    Microsoft Exchange Open Redirect Vulnerability (CVE-2016-3378) MS Rating: Moderate

    An open redirect vulnerability exists in Microsoft Exchange that could lead to spoofing. To exploit the vulnerability, an attacker can send a link that has a specially crafted URL and convince the user to click the link. When an authenticated Exchange user clicks the link, the authenticated user's browser session could be redirected to a malicious site that is designed to impersonate a legitimate website. By doing so, the attacker could trick the user and potentially acquire sensitive information, such as the user's credentials.

    Microsoft Exchange Elevation of Privilege Vulnerability (CVE-2016-3379) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that Microsoft Outlook handles meeting invitation requests. To exploit the vulnerability, an attacker could send a specially crafted Outlook meeting invitation request with malicious cross-site scripting (XSS) capability to a user.


  6. MS16-109 Security Update for Silverlight (3182373) MS Rating: Important

    Microsoft Silverlight Memory Corruption Vulnerability (CVE-2016-3367) MS Rating: Important

    A remote code execution vulnerability exists when Microsoft Silverlight improperly allows applications to access objects in memory. The vulnerability could corrupt system memory, which could allow an attacker to execute arbitrary code.


  7. MS16-110 Security Update for Windows (3178467) MS Rating: Important

    Windows Permissions Enforcement Elevation of Privilege Vulnerability (CVE-2016-3346) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that Windows enforces permissions if an attacker loads a specially crafted DLL. A locally authenticated attacker who successfully exploited this vulnerability could run arbitrary code as a system administrator.

    Microsoft Information Disclosure Vulnerability (CVE-2016-3352) MS Rating: Important

    An information disclosure vulnerability exists when Windows fails to properly validate NT LAN Manager (NTLM) Single Sign-On (SSO) requests during Microsoft Account (MSA) login sessions. An attacker who successfully exploited the vulnerability could attempt to brute force a user's NTLM password hash.

    Windows Remote Code Execution Vulnerability (CVE-2016-3368) MS Rating: Important

    A remote code execution vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system. To exploit the vulnerability, an attacker who has a domain user account could create a specially crafted request, causing Windows to execute arbitrary code with elevated permissions.

    Windows Denial of Service Vulnerability (CVE-2016-3369) MS Rating: Important

    A denial of service vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. Note that the denial of service condition would not allow an attacker to execute code or to elevate user privileges.


  8. MS16-111 Security Update for Windows Kernel (3186973) MS Rating: Important

    Windows Session Object Elevation of Privilege Vulnerability (CVE-2016-3305) MS Rating: Important

    A Windows session object elevation of privilege vulnerability exists in the way that Windows handles session objects. A locally authenticated attacker who successfully exploited the vulnerability could hijack the session of another user.

    Windows Session Object Elevation of Privilege Vulnerability (CVE-2016-3306) MS Rating: Important

    A Windows session object elevation of privilege vulnerability exists in the way that Windows handles session objects. A locally authenticated attacker who successfully exploited the vulnerability could hijack the session of another user.

    Windows Kernel Elevation of Privilege Vulnerability (CVE-2016-3371) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could gain access to information that is not intended for the user.

    Windows Kernel Elevation of Privilege Vulnerability (CVE-2016-3372) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions. An attacker who successfully exploited the vulnerability could impersonate processes, interject cross-process communication, or interrupt system functionality.

    Windows Elevation of Privilege Vulnerability (CVE-2016-3373) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows Kernel API improperly allows a user to access sensitive registry information. An attacker who successfully exploited the vulnerability could gain access to user account information that is not intended for the user.


  9. MS16-112 Security Update for Windows Lock Screen (3178469) MS Rating: Important

    Windows Lock Screen Elevation of Privilege Vulnerability (CVE-2016-3302) MS Rating: Important

    An elevation of privilege vulnerability exists when Windows improperly allows web content to load from the Windows lock screen. To exploit the vulnerability, an attacker with physical access to a user's computer could either connect to a maliciously configured WiFi hotspot or insert a mobile broadband adaptor in the user's computer. An attacker who successfully exploited the vulnerability could potentially execute code on a user's locked computer.


  10. MS16-113 Security Update for Windows Secure Kernel Mode (3185876) MS Rating: Important

    Windows Secure Kernel Mode Information Disclosure Vulnerability (CVE-2016-3344) MS Rating: Important

    An information disclosure vulnerability exists in Windows when Windows Secure Kernel Mode improperly handles objects in memory. A locally authenticated attacker could attempt to exploit the vulnerability by running a specially crafted application on a targeted system. The information disclosure vulnerability alone would not be sufficient for an attacker to compromise a system, but would have to be combined with additional vulnerabilities to further exploit the system.


  11. MS16-114 Security Update for Windows SMBv1 Server (3185879) MS Rating: Important

    Windows SMB Authenticated Remote Code Execution Vulnerability (CVE-2016-3345) MS Rating: Important

    A remote code execution vulnerability exists in the Microsoft Server Message Block 1.0 (SMBv1) Server when an authenticated attacker sends specially crafted packets to the SMBv1 server, because the SMBv1 Server implementation improperly handles certain requests.


  12. MS16-115 Security Update for Microsoft Windows PDF Library (3188733) MS Rating: Important

    Microsoft PDF Remote Code Execution Vulnerability (CVE-2016-3370) MS Rating: Important

    A remote code execution vulnerability exists in the way that the Windows PDF Library handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.

    Microsoft PDF Remote Code Execution Vulnerability (CVE-2016-3374) MS Rating: Important

    A remote code execution vulnerability exists in the way that the Windows PDF Library handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.


  13. MS16-116 Security Update in OLE Automation for VBScript Scripting Engine (3188724) MS Rating: Critical

    Scripting Engine Information Disclosure Vulnerability (CVE-2016-3375) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Microsoft OLE Automation mechanism and the VBScript Scripting Engine in Internet Explorer access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user.

More information on the vulnerabilities being addressed this month is available at Symantec's free Security Response portal and to our customers through the DeepSight Threat Management System.
