
April 2016 Patch Tuesday

April 12, 2016


April’s Patch Tuesday offers up 13 bulletins which include the typical misfits – IE, Edge, and Office. That’s not to say there weren’t any interesting products that were patched. For example, the remote protocols SAM and LSAD came under fire with the “Badlock” vulnerability, which can be exploited through a man-in-the-middle attack. Additionally, Adobe Flash Player (which seems to now be integrated with Patch Tuesday) addresses an actively exploited vulnerability which allows for arbitrary remote code execution! Overall, 40 vulnerabilities were patched, making this a moderately sized Patch Tuesday.

MS16-037: Cumulative Security Update for Internet Explorer (3148531)

First off, Internet Explorer gets its monthly dose of patches, which resolve a DLL hijack, an information disclosure, and four memory corruption vulnerabilities. The memory corruption vulnerabilities could be exploited remotely via a specially crafted website, giving this bulletin a critical rating.

MS16-038: Cumulative Security Update for Microsoft Edge (3148532)

Edge also receives its monthly dose of patches, resolving two elevation of privilege and four memory corruption vulnerabilities. Much like IE, this bulletin is rated critical due to the remote exploitation potential of the memory corruption vulnerabilities.

MS16-039: Security Update for Microsoft Graphics Component (3148522)

Next up, Microsoft Graphics is patched for a critical memory corruption vulnerability and three elevation of privilege (EoP) vulnerabilities. The EoP vulnerabilities are caused by Windows’ kernel-mode driver not properly handling objects in memory and can allow an attacker to run arbitrary code in kernel mode. The memory corruption vulnerability is caused by improperly handling embedded fonts which an attacker can implant within a document or webpage.

MS16-040: Security Update for Microsoft XML Core Services (3148541)

XML Core Services is patched this month for a critical remote code execution vulnerability. The issue lies within the MSXML parser when it processes user input. An attacker could exploit the vulnerability by hosting a malicious website designed to invoke MSXML through Internet Explorer.

MS16-041: Security Update for .NET Framework (3148789)

.NET is patched for a vulnerability that stems from not validating user input on library loading. Successful exploitation could allow an attacker to take control of the affected machine if they had access to the local filesystem. Users whose accounts are configured with fewer privileges are less impacted because exploitation occurs in the same account context.

MS16-042: Security Update for Microsoft Office - Critical (3148775)

This bulletin resolves four memory corruption vulnerabilities within Microsoft Office. The issue involves Office not properly handling objects in memory, allowing a remote attacker to execute arbitrary code in the context of the current user. Three of these vulnerabilities are rated as “important”; however, for CVE-2016-0127, the attack vector is through the Preview Pane and is considered critical.

MS16-044: Security Update for Windows OLE (3146706)

Windows OLE is patched for an important vulnerability caused by improper validation of user input. A remote attacker could convince a user to open a malicious file or webpage and execute arbitrary code.

MS16-045: Security Update for Windows Hyper-V (3143118)

Next in line, Hyper-V is patched for three vulnerabilities consisting of a remote code execution and two information disclosures. These vulnerabilities are caused by Hyper-V failing to validate input from an authenticated user on a guest operating system. Note, however, the Hyper-V role must be enabled on the system for this vulnerability to be applicable.

MS16-046: Security Update for Secondary Logon (3148538)

This bulletin resolves an issue with the Secondary Logon service of Windows 10 systems. An attacker could potentially elevate their privileges and execute code in the Administrator context. This issue is caused by Secondary Logon failing to manage requests in memory.

MS16-047: Security Update for SAM and LSAD Remote Protocols (3148527)

The Security Account Manager (SAM) and Local Security Authority Domain Policy (LSAD) remote protocols have come under fire recently as this bulletin resolves a Remote Procedure Call (RPC) downgrade vulnerability, which occurs during the establishment of an RPC channel when accepting authentication levels. A man-in-the-middle attacker could force a downgrade and then impersonate an authenticated user. This vulnerability was discovered by Stefan Metzmacher of the international Samba Core Team and has been labeled “Badlock.” Note there are several exploitation proofs of concept circulating, so this vulnerability should not be taken lightly.

MS16-048: Security Update for CSRSS (3148528)

Next, the Client/Server Run-time Subsystem (CSRSS) is patched for a security bypass vulnerability which an attacker could exploit to run arbitrary code in the Administrator context. The issue is caused by CSRSS failing to validate process tokens in memory.

MS16-049: Security Update for HTTP.sys (3148795)

This bulletin addresses a Denial of Service vulnerability within Windows’ HTTP driver. The issue arises when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, causing the affected system to become unresponsive.

MS16-050: Security Update for Adobe Flash Player (3154132)

Last, but certainly not least, Adobe Flash Player is patched for ten vulnerabilities affecting Windows 8.1-and-above systems. The vulnerabilities can allow a remote attacker to execute arbitrary code and there are reports of CVE-2016-1019 being actively exploited prior to this bulletin release.

Author, BeyondTrust Research Team
