Patch Tuesday December 2016

December 14, 2016

In this final Patch Tuesday of the year, Microsoft provides a total of 12 bulletins addressing vulnerabilities within the typical products such as IE, Edge, and Office. Some new faces also make an appearance with Uniscribe and the auto-updater for Office on Mac systems. Out of the 12 bulletins, half are rated critical while the other half are rated important.

MS16-144: Cumulative Security Update for Internet Explorer (3204059)

Starting things off, Internet Explorer is patched for a total of 8 vulnerabilities consisting of 4 memory corruptions, 3 information disclosures, and a security feature bypass. The memory corruptions are the most severe, as they can allow remote attackers to execute arbitrary code by hosting a malicious website and convincing a victim to browse to it.

MS16-145: Cumulative Security Update for Microsoft Edge (3204062)

Up next, Edge is patched for even more vulnerabilities than IE, clocking in with 11 vulnerabilities total consisting of 7 memory corruptions, 3 information disclosures, and 1 security feature bypass. Again, the most severe of these are the memory corruption vulnerabilities, making this bulletin critically-rated.

MS16-146: Security Update for Microsoft Graphics Component (3204066)

As a returning usual suspect, more vulnerabilities have been found in Microsoft Graphics Component. The worst of these vulnerabilities could result in Remote Code Execution, and one vulnerability discloses information as to the graphic’s memory contents. There are multiple ways in which an attacker can exploit this vulnerability: they can convince a user to open a crafted document, or to visit a malicious webpage. This update applies the usual memory handling remedies to solve the problem.

MS16-147: Security Update for Microsoft Uniscribe (3204063)

As a new face on Patch Tuesday, Microsoft Uniscribe has been found to contain a critical vulnerability that could lead to remote code execution. Since this is a new face, an introduction is in order. Uniscribe is a set of APIs that allow a high degree of control for fine typography and for processing complex scripts. Both complex scripts and simple scripts with fine typography effects require special processing to display and edit because the characters ("glyphs") are not laid out in a simple way. For complex scripts, the rules governing the shaping and positioning of glyphs are specified and catalogued in The Unicode Standard. In short, Uniscribe is a font processing API for Unicode-based fonts. An attacker could exploit this vulnerability either by luring a victim to a malicious website or by getting them to view a malicious website.

MS16-148: Security Update for Microsoft Office (3204068)

This bulletin resolves a whopping 11 Office vulnerabilities consisting of 4 memory corruptions, a DLL side-loading vulnerability, 3 security feature bypasses, 2 information disclosures, and a privilege escalation for the auto-updater on Mac systems.

MS16-149: Security Update for Microsoft Windows (3205655)

It wouldn’t be Patch Tuesday without security updates to Windows itself. Windows contains two important-rated vulnerabilities, one for information disclosure and the other for privilege escalation. The information disclosure leaks memory contents to the user when Windows Crypto runs in kernel mode. To exploit this vulnerability, an attacker would have to log onto the system and run a specially crafted application. The escalation of privilege vulnerability results from improper input sanitization that leads to insecure library loading behavior in Windows Installer.

MS16-150: Security Update for Windows Secure Kernel Mode (3205642)

“Secure” Kernel Mode comes bearing a vulnerability as a gift this holiday season. This vulnerability is rated as important, and results in elevation of privilege. Due to improper memory handling, an attacker can violate the VTL (virtual trust levels) of Windows. A locally-authenticated attacker could attempt to exploit the vulnerability by running a specially crafted application on the target system. The update applies the usual memory handling fixes to properly enforce VTL.

MS16-151: Security Update for Windows Kernel-Mode Drivers (3205651)

Microsoft addresses two privilege escalation flaws that exist in the Windows graphics component and kernel-mode driver. This is particularly dangerous because of the range of affected operating systems and the ability to take control over the system. In CVE-2016-7259, an attacker would have to craft a special application to take advantage of how the graphics component improperly handles objects in memory. This could lead to the attacker running processes in an elevated context. CVE-2016-7260 is less severe because the attacker has to be logged in to the affected system to exploit the vulnerability. After an attacker obtains access, they can run a special application to take advantage of how the kernel-mode driver handles objects in memory. Microsoft resolved these two vulnerabilities by addressing how these components handle objects in memory.

MS16-152: Security Update for Windows Kernel (3199709)

Windows Kernel makes a casual appearance this month, containing an important-rated information disclosure vulnerability. Kernel memory addresses can be leaked when the kernel fails to properly handle certain page fault system calls. An authenticated attacker who successfully exploited the vulnerability could disclose information from one process to another. To exploit the vulnerability, an attacker would have to log on locally to an affected system, or convince a local user to execute a crafted application. The patch changes how the Windows Kernel handles certain page fault system calls.

MS16-153: Security Update for Common Log File System Driver (3207328)

A flaw has been discovered in the Common Log File System (CLFS) driver, which is the result of CLFS improperly handling objects in its memory. An attacker could run an application to bypass security and further exploit the machine. Microsoft has fixed this by addressing how the CLFS driver handles objects in memory.

MS16-154: Security Update for Adobe Flash Player (3209498)

This bulletin addresses vulnerabilities related to Adobe’s security bulletin APSB16-39, which resolves 16 vulnerabilities within Flash. This bulletin serves as a reminder to be extra careful when following links from emails and other less than trustworthy sources.

MS16-155: Security Update for .NET Framework (3205640)

.NET Framework is patched for an information disclosure resulting from improper handling of developer-supplied keys, which is usually protected by the Always Encrypted feature. An attacker could potentially decrypt data utilizing an easily guessable key.

Author, BeyondTrust Research Team
