This Patch Tuesday introduces ten bulletins, half of which are critically rated. Starting this month, Microsoft is rolling out a new update process (similar to Windows 10) for Windows 7, 8.1, 2012, and 2012R2 systems. Details can be found here.
Kicking things off in usual fashion, Internet Explorer is patched for six memory corruptions, two elevation of privileges, and three information disclosures. The memory corruption vulnerabilities are the most severe, allowing for remote attackers to execute arbitrary code within the context of the current user.
Edge is back with a memory corruption within the browser and seven within the scripting engine, along with two information disclosures, an elevation of privilege, and a security feature bypass. Again the most sever vulnerabilities are the memory corruptions. What’s troubling is that when Edge was rolled out, it was considered light years ahead of IE, in terms of security. However, we’re seeing more and more vulnerabilities present themselves within Edge each month. This is one update you’ll not want to miss.
Microsoft Graphics Component makes a typical splash on this Patch Tuesday with seven separate vulnerabilities, two of which are considered critical. The critical vulnerabilities result in remote code execution, and the vulnerabilities rated important result in elevation of privilege and information disclosure. As usual these vulnerabilities stem from memory corruption when processing a malicious file. This should serve as yet another steady reminder to be careful about what links you click on, and verify the source of all email attachments. Two of these vulnerabilities were reported by Google Project Zero, one by Kaspersky Lab, and one by Qihoo 360 Vulcan Team.
Office is surprisingly only patched for one memory corruption vulnerability, giving this bulletin an important rating. Although one vulnerability is to blame, it spans across multiple products, including WebApps, and Sharepoint Server.
Coming as an unusual face on Patch Tuesday, Microsoft Video Control contains a critical vulnerability that could allow for remote code execution. As a typical attack vector, the software mishandles objects in memory and results in corruption. The code executed would have the same privileges as the user who opened the malicious file, so users should exercise least privilege in order to help mitigate this form of attack.
Kernel-Mode Drivers have been updated for multiple important rated vulnerabilities, all resulting in elevation of privilege. Once again, the issue stems from improper handling of objects stored in memory. An authenticated user could install a specially crafted application that exploits the vulnerability, allowing them to run arbitrary code within kernel mode, elevating the user’s privilege beyond that of an administrator. Two of these vulnerabilities were reported by members of Google Project Zero, one by Qihoo 360 Vulcan Team, and one by Tencent.
Windows registry has come under the gun with four new CVE’s attached to its new knowledge base article that were discovered. This new discovery would let an attacker run a special application to gain access to information in the registry. The flaw is with how the Kernel API handles access to registry information. The update restricts how API handles this information.
Diagnostics Hub makes a casual appearance on this Patch Tuesday, with just one important rated vulnerability. Exploiting the vulnerability would result in elevation of privilege. The vulnerability stems from improper sanitization of input, which could lead to insecure library loading. To exploit this vulnerability, an attacker would have to log onto the system and run a maliciously crafted application. This vulnerability was reported by Google Project Zero.
Microsoft Internet Messaging API have been found guilty of improperly handling objects in its memory. A victim would have to navigate to a malicious website for them to be exploited. The attacker then would be able to test for the existence of files on the disk. This has been addressed by changing the way Internet Messaging API is handled in memory.
This security update is addressing the vulnerabilities release in Adobe security bulletin APSB16-32 that effect Internet Explorer 10 and 11, along with Edge. All twelve vulnerabilities address critical vulnerabilities according to Adobe. It was discovered that there are several code execution flaws that range from type confusion vulnerability, memory corruption vulnerability, and a use-after-free vulnerability. Also it addresses one of the bigger issues of a security bypass that could allow a potential attacker to take control of the system.