February 2016 Patch Tuesday

February 9, 2016

February’s Patch Tuesday brings a few things not seen in previous months. One is the inclusion of Adobe Flash Player, whose issues are usually disclosed in Microsoft Security Advisories. Additionally, Windows Reader and the PDF Library join the party, signifying that Microsoft Apps may be a new target for attackers and security researchers. Finally, MS16-009 makes its appearance after being absent from January’s Patch Tuesday. Overall, this month consists of 13 bulletins, six of which are critically-rated. 63 vulnerabilities are addressed in total, with 22 coming from Adobe Flash Player.

MS16-009: Cumulative Security Update for Internet Explorer (3134220)

Starting off this month, Internet Explorer is updated for one DLL hijacking, one information disclosure, eight memory corruption, one spoofing, and two elevation of privilege vulnerabilities, totaling 13 in all. What sets this update apart from any other IE update is that it targets only three versions of IE (9, 10, and 11), because Microsoft ended support for other versions last month.

MS16-011: Cumulative Security Update for Microsoft Edge (3134225)

Skipping over MS16-010, this update addresses one spoofing, one ASLR bypass, and four memory corruption vulnerabilities within the Edge browser. The worst of these are the memory corruption vulnerabilities, because these types of vulnerabilities almost always lead to code execution.

MS16-012: Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3138938)

New to the vulnerability scene is Windows Reader, which is only available on Windows 8.1 and above via the app store. This update resolves two issues within Reader and Windows’ PDF Library: the PDF Library contains a classic buffer overflow, while Reader suffers from memory corruption, making this bulletin critically-rated.

MS16-013: Security Update for Windows Journal to Address Remote Code Execution (3134811)

This bulletin updates Journal for one memory corruption vulnerability that could lead to remote code execution when a specially crafted Journal file is opened. Exploitation is limited to the rights of the current user who opens the malicious file, so as always, it’s important to practice the principle of least privilege.

MS16-014: Security Update for Microsoft Windows to Address Remote Code Execution (3134228)

This important-rated bulletin updates an elevation of privilege, a Kerberos security bypass, and three DLL hijacking vulnerabilities. The Kerberos bypass is the result of failing to check when a user’s password has been changed. Meanwhile, the DLL hijacking vulnerabilities require an attacker to have prior access to the file system in order to plant malicious DLL files which execute arbitrary code.

MS16-015: Security Update for Microsoft Office to Address Remote Code Execution (3134226)

Office rears its monthly flaws, consisting of one cross-site scripting and six memory corruption vulnerabilities. For three of these memory corruption vulnerabilities, the preview pane within various Office products is the attack vector. Typical attack scenarios involve email phishing attacks and malicious web site hosting, reminding us that it’s important to exercise caution whenever opening email attachments or visiting unknown webpages.

MS16-016: Security Update for WebDAV to Address Elevation of Privilege (3136041)

For this bulletin, Microsoft’s Web Distributed Authoring and Versioning (WebDAV) is updated for one elevation of privilege vulnerability. The issue is caused by improper validation of user input. An attacker would already need access to the system to run a specially crafted application, exploiting this vulnerability to run arbitrary code with elevated privileges.

MS16-017: Security Update for Remote Desktop Display Driver to Address Elevation of Privilege (3134700)

RDP is back with one elevation of privilege vulnerability. Similarly to MS16-016, this vulnerability requires an attacker to already have access to a target system to execute a specially crafted application locally.

MS16-018: Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3136082)

This bulletin updates another elevation of privilege vulnerability within Windows kernel-mode drivers. Specifically, the win32k.sys driver does not properly handle objects in memory, allowing an attacker to use this in conjunction with other attacks to further compromise a system.

MS16-019: Security Update for .NET Framework to Address Denial of Service (3137893)

The .NET framework is updated for one memory corruption and one information disclosure vulnerability. The memory corruption vulnerability, due to a classic stack overflow from improperly handling XSLT transformations, results only in a denial of service, rendering this bulletin as important-rated.

MS16-020: Security Update for Active Directory Federation Services to Address Denial of Service (3134222)

This bulletin updates a denial of service vulnerability within Active Directory Federation Services (ADFS). The vulnerability stems from improper handling of user-supplied data during forms-based authentication, causing the server to become non-responsive.

MS16-021: Security Update for Network Policy Server RADIUS implementation to Address Denial of Service (3133043)

Another denial of service vulnerability exists within Network Policy Server. This vulnerability occurs when an attacker supplies specially crafted usernames to the server, preventing RADIUS authentication and resulting in a denial of service.

MS16-022: Security Update for Adobe Flash Player (3135782)

Last but not least, Adobe Flash Player is included in a Microsoft bulletin for the first time; up to this point, its issues were disclosed in Microsoft Security Advisories. This bulletin corresponds to Adobe’s own APSB16-04 advisory, which contains 22 serious vulnerabilities affecting Internet Explorer and Edge, making this a critically-rated bulletin.

BeyondTrust Research
