Patch Tuesday arrives this month with a total of 11 bulletins, six of which are rated as Critical and five as Important. Overall, 56 unique vulnerabilities were addressed, with Adobe Flash clocking in at 24 vulnerabilities.
Our returning usual suspect, Internet Explorer, has been patched for multiple vulnerabilities. Depending on which version of Internet Explorer you’re running, the severity of this update differs: Internet Explorer versions 9 and 11 have Critical and Moderate vulnerabilities, whereas version 10 only has Moderate ones. The most severe of these vulnerabilities could result in remote code execution if a user views a malicious webpage. An attacker exploiting these vulnerabilities would gain privileges equal to those of the current user, putting any admins lured to the malicious site particularly at risk.
Edge is becoming a familiar face on Patch Tuesday, returning again for multiple vulnerabilities. Similar to Internet Explorer, the most severe of these vulnerabilities could be exploited to cause remote code execution by luring an unsuspecting victim to a malicious webpage. Privileges gained are again equal to those of the current user. Other vulnerabilities include the usual suspects of XSS and information leaks.
JScript and VBScript have returned with a memory corruption vulnerability. This vulnerability ties into Internet Explorer, where the memory corruption leads to remote code execution when a user visits a malicious webpage.
Concerned that your printer is out to get you? Don’t re-enact the printer revenge scene from “Office Space” just yet; Microsoft has released a patch to save the day! Two vulnerabilities were found in the Windows Print Spooler, allowing for remote code execution and elevation of privilege. The remote code execution vulnerability exists because the Print Spooler service does not properly validate print drivers while installing a printer from a server. The elevation of privilege vulnerability exists because the Print Spooler service improperly allows arbitrary writes to the file system.
Office is patched this month for seven vulnerabilities, all of which can lead to remote code execution. In order to exploit these vulnerabilities, an attacker would have to entice a victim to open a specially crafted file. Successful exploitation allows code execution in the context of the current user, so again, exercising the principle of least privilege is always advised.
This bulletin ironically resolves an issue with the Secure Kernel on Windows 10 systems. In this case, an attacker could leverage the vulnerability to disclose sensitive information from the target system. There are no reports of active exploitation, and this issue was not publicly disclosed prior to release.
Kernel-Mode Drivers are back this month with six vulnerabilities, consisting of five privilege escalations and one information disclosure. The escalation vulnerabilities stem from how the driver handles objects in memory, which can allow an attacker to run arbitrary code in kernel memory.
This security update addresses an information disclosure vulnerability that exists in the .NET Framework. An attacker could create a specially crafted XML file that tricks the application into validating the XML data, resulting in information disclosure. To resolve this issue, Microsoft has changed how the XML external entity parser processes input.
Up next, the Windows Kernel is patched for two vulnerabilities. The first (CVE-2016-3258) is a time-of-check-time-of-use (TOCTOU) bypass flaw within file path-based checks. This flaw could potentially allow someone to modify files outside of a low integrity level application. Microsoft fixed this by adding a validation check on how a low integrity application can use certain features. Additionally, Microsoft addressed a security issue where the kernel fails to properly handle certain page fault system calls (CVE-2016-3272).
Another month brings with it another large Adobe Flash patch. Microsoft has released this bulletin, corresponding to Adobe’s APSB16-25 advisory, addressing 24 vulnerabilities that can allow an attacker to take control of an affected system.
To finish things off, this bulletin resolves an issue with Secure Boot which could allow a potential attacker to apply a bad policy. This policy could be used to bypass the Secure Boot integrity validation for BitLocker and the Device Encryption security features. Microsoft has addressed this issue by blocklisting the affected policies.
Scott Lang, Sr. Director, Product Marketing at BeyondTrust
Scott Lang has nearly 20 years of experience in technology product marketing, currently guiding the product marketing strategy for BeyondTrust’s privileged account management solutions and vulnerability management solutions. Prior to joining BeyondTrust, Scott was director of security solution marketing at Dell, formerly Quest Software, where he was responsible for global security campaigns, product marketing for identity and access management and Windows server management.