SlideShare a Scribd company logo

Patch Tuesday Analysis - June 2016

Download as PPTX, PDF
Ivanti, profile picture
Ivanti

This document summarizes an upcoming webinar on the June 2016 Patch Tuesday. The webinar will provide an overview of the known issues and bulletins for June's Patch Tuesday, including updates for Windows 10, Internet Explorer, Edge, Office, Adobe Flash Player, and other Microsoft products. It lists the vulnerabilities addressed and their potential impacts, such as remote code execution or elevation of privilege. Attendees will have a chance to ask questions.

Technology
1 of 33
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
Patch Tuesday Webinar Wednesday, June 15th, 2016 Chris Goettl • Product Manager, Shavlik Dial In: 1-855-749-4750 (US) Attendees: 922 036 784 Gary McAllister Product Manager, AppSense
Agenda June 2016 Patch Tuesday Overview Known Issues Bulletins Q & A 1 2 3 4
Best Practices Privilege Management Mitigates Impact of many exploits High Threat Level vulnerabilities warrant fast rollout. 2 weeks or less is ideal to reduce exposure. User Targeted – Whitelisting and Containerization mitigate
Patch Tuesday Analysis - June 2016
OF RECIPIENTS NOW OPEN PHISHING MESSAGES AND 11% CLICK ON ATTACHMENTS. 23%“ Verizon 2015 Data Breach Investigations Report http://www.verizonenterprise.com/DBIR/2015/”
The weakest link Definition: User Targeted A vulnerability that cannot be exploited except by means of convincing a user to take an action. These often take the form of phishing attacks, targeted web content or documents designed to exploit the vulnerability. 0 2 4 6 8 10 12 14 16 18 January February March April May June Bulletin Count User Targeted
Mitigate Impact A vulnerability that when exploited allows the attacker to operate in the context of the current user. Reducing user privileges reduces the attackers ability to operate thereby slowing their ability to move around your environment. 0 2 4 6 8 10 12 14 16 18 January February March April May June Bulletin Count Privilege Management Reduces Impact Privilege Management Reduces Impact:
Patch Tuesday Analysis - June 2016
Patch Tuesday Analysis - June 2016
Patch Tuesday Analysis - June 2016
News – Adobe Zero Day update releasing tomorrow (MOST LIKELY) Expect a Chrome update Expect another Microsoft Security Bulletin FireFox will have a variation to be updated as well Yes, this is the exact same text as I had on this slide last month…
CSWU-025: Cumulative update for Windows 10: June 14, 2016  Maximum Severity: Critical  Affected Products: Windows 10, Edge, Internet Explorer, .Net Framework, Windows  Description: This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are described in the following Microsoft security bulletins and advisory: MS16-063, MS16-068, MS16-072, MS16-073, MS16-074, MS16-075, MS16-077, MS16-078, MS16-080, MS16-082  Impact: Remote Code Execution, Elevation of Privilege, Denial of Service  Fixes 28 vulnerabilities:  CVE-2016-0199, CVE-2016-0200, CVE-2016-3202, CVE-2016-3205, CVE-2016-3206, CVE-2016-3207, CVE-2016-3210, CVE-2016- 3211, CVE-2016-3212, CVE-2016-3213, CVE-2016-3198, CVE-2016-3201, CVE-2016-3203, CVE-2016-3213, CVE-2016-3214, CVE-2016-3215, CVE-2016-3222 (Publicly Disclosed), CVE-2016-3223, CVE-2016-3218, CVE-2016-3221, CVE-2016-3232, CVE- 2016-3216, CVE-2016-3219, CVE-2016-3220, CVE-2016-3225, CVE-2016-3231, CVE-2016-3236, CVE-2016-3230  Restart Required: Requires Restart
MS16-063: Cumulative Security Update for Internet Explorer (3163649)  Maximum Severity: Critical  Affected Products: Internet Explorer  Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.  Impact: Remote Code Execution  Fixes 10 vulnerabilities:  CVE-2016-0199, CVE-2016-0200, CVE-2016-3202, CVE-2016-3205, CVE-2016-3206, CVE-2016-3207, CVE-2016-3210, CVE-2016- 3211, CVE-2016-3212, CVE-2016-3213  Restart Required: Requires Restart
MS16-068: Cumulative Security Update for Microsoft Edge (3163656)  Maximum Severity: Critical  Affected Products: Edge  Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.  Impact: Remote Code Execution  Fixes 8 vulnerabilities:  CVE-2016-3198, CVE-2016-3199, CVE-2016-3201, CVE-2016-3202, CVE-2016-3203, CVE-2016-3214, CVE-2016-3215, CVE-2016- 3222 (Publicly Disclosed)  Restart Required: Requires Restart
MS16-069: Cumulative Security Update for JScript and VBScript (3163640)  Maximum Severity: Critical  Affected Products: Windows  Description: This security update resolves vulnerabilities in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerabilities could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.  Impact: Remote Code Execution  Fixes 3 vulnerabilities:  CVE-2016-3205, CVE-2016-3206, CVE-2016-3207  Restart Required: May Require Restart
MS16-070: Security Update for Microsoft Office (3163610)  Maximum Severity: Critical  Affected Products: Office, SharePoint  Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user right.  Impact: Remote Code Execution  Fixes 4 vulnerabilities:  CVE-2016-0025, CVE-2016-3233, CVE-2016-3234, CVE-2016-3235  Restart Required: May Require Restart
MS16-071: Security Update for Microsoft Windows DNS Server (3164065)  Maximum Severity: Critical  Affected Products: Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a specially crafted website. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.  Impact: Remote Code Execution  Fixes 1 vulnerabilities:  CVE-2016-3227  Restart Required: Requires Restart
MS16-075: Security Update for Windows SMB Server (3164038)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.  Impact: Elevation of Privilege  Fixes 1 vulnerabilities:  CVE-2016-3225 (Publicly Disclosed)  Restart Required: Requires Restart
MS16-077: Security Update for WPAD (3165191)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if the Web Proxy Auto Discovery (WPAD) protocol falls back to a vulnerable proxy discovery process on a target system.  Impact: Elevation of Privilege  Fixes 1 vulnerabilities:  CVE-2016-3236 (Publicly Disclosed)  Restart Required: Requires Restart
MS16-082: Security Update for Microsoft Windows Search Component (3165270)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if the Web Proxy Auto Discovery (WPAD) protocol falls back to a vulnerable proxy discovery process on a target system.  Impact: Denial of Service  Fixes 1 vulnerabilities:  CVE-2016-3230 (Publicly Disclosed)  Restart Required: Requires Restart
APSA16-03: Security Advisory for Adobe Flash Player  Maximum Severity: Critical  Affected Products: Adobe Flash Player  Description: A critical vulnerability (CVE-2016-4171) exists in Adobe Flash Player 21.0.0.242 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.  Impact: Remote Code Execution  Fixes 1 vulnerabilities:  CVE-2016-4171 (Exploited)  Restart Required:
MS16-072: Security Update for Group Policy (3163622)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target machine.  Impact: Elevation of Privilege  Fixes 1 vulnerabilities:  CVE-2016-3223  Restart Required: Requires Restart
MS16-073: Security Update for Windows Kernel-Mode Drivers (3164028)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.  Impact: Elevation of Privilege  Fixes 3 vulnerabilities:  CVE-2016-3218, CVE-2016-3221, CVE-2016-3232  Restart Required: Requires Restart
MS16-074: Security Update for Microsoft Graphics Component (3164036)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if a user opens a specially crafted document or visits a specially crafted website.  Impact: Elevation of Privilege  Fixes 1 vulnerabilities:  CVE-2016-3216  Restart Required: Requires Restart
MS16-076: Security Update for Netlogon (3167691)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker with access to a domain controller (DC) on a target network runs a specially crafted application to establish a secure channel to the DC as a replica domain controller.  Impact: Remote Code Execution  Fixes 1 vulnerabilities:  CVE-2016-3228  Restart Required: Requires Restart
MS16-078: Security Update for Windows Diagnostic Hub (3165479)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.  Impact: Elevation of Privilege  Fixes 1 vulnerabilities:  CVE-2016-3231  Restart Required: Requires Restart
MS16-079: Security Update for Microsoft Exchange Server (3160339)  Maximum Severity: Important  Affected Products: Exchange Server  Description: This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow information disclosure if an attacker sends a specially crafted image URL in an Outlook Web Access (OWA) message that is loaded, without warning or filtering, from the attacker-controlled URL.  Impact: Information Disclosure  Fixes 1 vulnerabilities:  CVE-2016-0028  Restart Required: May Require Restart
MS16-080: Security Update for Microsoft Windows PDF (3164302)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerabilities could cause arbitrary code to execute in the context of the current user. However, an attacker would have no way to force a user to open a specially crafted .pdf file.  Impact: Remote Code Execution  Fixes 3 vulnerabilities:  CVE-2016-3201, CVE-2016-3203, CVE-2016-3215  Restart Required: May Require Restart
MS16-081: Security Update for Active Directory (3160352)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Active Directory. The vulnerability could allow denial of service if an authenticated attacker creates multiple machine accounts. To exploit the vulnerability an attacker must have an account that has privileges to join machines to the domain.  Impact: Denial of Service  Fixes 1 vulnerabilities:  CVE-2016-3226  Restart Required: Requires Restart
Between Patch Tuesdays New Product Support: Slack Machine-Wide Installer 2, Programmer's Notepad 2, Inkscape, Microsoft Power BI Desktop 2, Malwarebytes Anti-Malware Home Security Updates: Microsoft (1), Chrome (4), Flash Player (2), Thunderbird (2), HP System Management, LibreOffice, VMware Player, 7zip (3), iTunes (2), UltraVNC, Notepad++, Adobe Reader (3), Adobe Reader DC (3), Skype, FileZilla, Opera (2), FirefoxESR (1), VLC Media Player, WireShark (2), KeePass, Non-Security Updates: Microsoft (45), Slack Machine-Wide Installer (2), AutoCAD 2017 (2), TeamViewer, VMware Workstation, CDBurnerXP, GoToMeeting, Apache Tomcat, BoxSync, Splunk Universal Forwarder, VMware Tools (2), CCleaner, HipChat (3), Google Drive, Programmers Notepad, Citrix XenApp (2), Inkscape, Microsoft Power BI Desktop 2, VDA Core Services, Dropbox (2), Malwarebytes Anti-Malware Home, CoreFTP, GoodSync Security Tools: Microsoft (1)
Patch Tuesday Analysis - June 2016
Resources and Webinars Get Shavlik Content Updates Get Social with Shavlik Sign up for next months Patch Tuesday Webinar Watch previous webinars and download presentation.
Thank you

More Related Content

PPTX
August Patch Tuesday 2016
LANDESK
 
PPTX
Patch Tuesday Analysis - April 2016
Ivanti
 
PPTX
Patch Tuesday Analysis - March 2016
Ivanti
 
PPTX
Patch Tuesday Analysis - February 2016
Ivanti
 
PPTX
Patch Tuesday Analysis - January 2016
Ivanti
 
PPTX
Patch Tuesday Analysis - May 2016
Ivanti
 
PPTX
November2016 patchtuesdayshavlik
LANDESK
 
PPTX
October2016 patchtuesdayshavlik
LANDESK
 
August Patch Tuesday 2016
LANDESK
 
Patch Tuesday Analysis - April 2016
Ivanti
 
Patch Tuesday Analysis - March 2016
Ivanti
 
Patch Tuesday Analysis - February 2016
Ivanti
 
Patch Tuesday Analysis - January 2016
Ivanti
 
Patch Tuesday Analysis - May 2016
Ivanti
 
November2016 patchtuesdayshavlik
LANDESK
 
October2016 patchtuesdayshavlik
LANDESK
 

What's hot (16)

PPTX
Shavlik September Patch Tuesday 2016
LANDESK
 
PPTX
December2016 patchtuesdayshavlik
LANDESK
 
PPTX
Patch Tuesday Analysis - December 2015
Ivanti
 
PPTX
Patch Tuesday Analysis - October 2015
Ivanti
 
PPTX
Patch Tuesday Analysis - September 2015
Ivanti
 
PPTX
August Patch Tuesday Analysis
Ivanti
 
PPTX
January2017 patchtuesdayshavlik
LANDESK
 
PPTX
Patch Tuesday Analysis - August 2015
Ivanti
 
PPTX
January Patch Tuesday Webinar 2018
Ivanti
 
PPTX
February 2018 Patch Tuesday Analysis
Ivanti
 
PPTX
Patch Tuesday Analysis - July 2015
Ivanti
 
PPTX
July 2018 Patch Tuesday Analysis
Ivanti
 
PPTX
December 2017 Patch Tuesday
Ivanti
 
PPTX
October 2017 Ivanti Patch Tuesday Analysis
Ivanti
 
PPTX
Ivanti Patch Tuesday November 2017
Ivanti
 
PPTX
March 2018 Patch Tuesday Ivanti
Ivanti
 
Shavlik September Patch Tuesday 2016
LANDESK
 
December2016 patchtuesdayshavlik
LANDESK
 
Patch Tuesday Analysis - December 2015
Ivanti
 
Patch Tuesday Analysis - October 2015
Ivanti
 
Patch Tuesday Analysis - September 2015
Ivanti
 
August Patch Tuesday Analysis
Ivanti
 
January2017 patchtuesdayshavlik
LANDESK
 
Patch Tuesday Analysis - August 2015
Ivanti
 
January Patch Tuesday Webinar 2018
Ivanti
 
February 2018 Patch Tuesday Analysis
Ivanti
 
Patch Tuesday Analysis - July 2015
Ivanti
 
July 2018 Patch Tuesday Analysis
Ivanti
 
December 2017 Patch Tuesday
Ivanti
 
October 2017 Ivanti Patch Tuesday Analysis
Ivanti
 
Ivanti Patch Tuesday November 2017
Ivanti
 
March 2018 Patch Tuesday Ivanti
Ivanti
 
Ad

Viewers also liked (7)

PPTX
Patch Tuesday Analysis - July 2016
Ivanti
 
PPTX
Patch Tuesday Analysis - September 2016
Ivanti
 
PPTX
Patch Tuesday Analysis - August 2016
Ivanti
 
PPTX
Patch Tuesday Analysis - November 2015
Ivanti
 
PPTX
Patch Tuesday Analysis - October 2016
Ivanti
 
PPTX
Patch Tuesday Analysis - November 2016
Ivanti
 
PPTX
Patch Tuesday Analysis - December 2016
Ivanti
 
Patch Tuesday Analysis - July 2016
Ivanti
 
Patch Tuesday Analysis - September 2016
Ivanti
 
Patch Tuesday Analysis - August 2016
Ivanti
 
Patch Tuesday Analysis - November 2015
Ivanti
 
Patch Tuesday Analysis - October 2016
Ivanti
 
Patch Tuesday Analysis - November 2016
Ivanti
 
Patch Tuesday Analysis - December 2016
Ivanti
 
Ad

Similar to Patch Tuesday Analysis - June 2016 (13)

PPTX
Patch Tuesday Analysis - March 2017
Ivanti
 
PPTX
Patch Tuesday Analysis - January 2017
Ivanti
 
PDF
August Patch Tuesday
Ivanti
 
PPTX
2022 March Patch Tuesday
Ivanti
 
PPTX
October Patch Tuesday Analysis 2018
Ivanti
 
PDF
Français Patch Tuesday - juillet
Ivanti
 
PDF
Patch Tuesday de Noviembre
Ivanti
 
PDF
Patch Tuesday Italia Luglio
Ivanti
 
PDF
Akila srinivasan microsoft-bug_bounty-(publish)
PacSecJP
 
PPTX
January 2022 patch tuesday
Ivanti
 
PPTX
How to Rapidly Identify Assets at Risk to WannaCry Ransomware
Qualys
 
PPTX
November Patch Tuesday Analysis
Ivanti
 
PDF
Patch Tuesday Italia Novembre
Ivanti
 
Patch Tuesday Analysis - March 2017
Ivanti
 
Patch Tuesday Analysis - January 2017
Ivanti
 
August Patch Tuesday
Ivanti
 
2022 March Patch Tuesday
Ivanti
 
October Patch Tuesday Analysis 2018
Ivanti
 
Français Patch Tuesday - juillet
Ivanti
 
Patch Tuesday de Noviembre
Ivanti
 
Patch Tuesday Italia Luglio
Ivanti
 
Akila srinivasan microsoft-bug_bounty-(publish)
PacSecJP
 
January 2022 patch tuesday
Ivanti
 
How to Rapidly Identify Assets at Risk to WannaCry Ransomware
Qualys
 
November Patch Tuesday Analysis
Ivanti
 
Patch Tuesday Italia Novembre
Ivanti
 

More from Ivanti (20)

PDF
August Patch Tuesday
Ivanti
 
PDF
Français Patch Tuesday - Juillet
Ivanti
 
PDF
July Patch Tuesday
Ivanti
 
PDF
Français Patch Tuesday - Juin
Ivanti
 
PDF
June Patch Tuesday
Ivanti
 
PDF
Français Patch Tuesday - Mai
Ivanti
 
PDF
May Patch Tuesday
Ivanti
 
PDF
Français Patch Tuesday - Avril
Ivanti
 
PDF
April Patch Tuesday
Ivanti
 
PDF
Français Patch Tuesday - Mars
Ivanti
 
PDF
March Patch Tuesday
Ivanti
 
PDF
Français Patch Tuesday - Février
Ivanti
 
PDF
February Patch Tuesday
Ivanti
 
PDF
Patch Tuesday de Diciembre
Ivanti
 
PDF
Français Patch Tuesday - Décembre
Ivanti
 
PDF
Patch Tuesday Italia Dicembre
Ivanti
 
PDF
December Patch Tuesday
Ivanti
 
PDF
Patch Tuesday de Noviembre
Ivanti
 
PDF
Français Patch Tuesday - Novembre
Ivanti
 
PDF
November Patch Tuesday
Ivanti
 
August Patch Tuesday
Ivanti
 
Français Patch Tuesday - Juillet
Ivanti
 
July Patch Tuesday
Ivanti
 
Français Patch Tuesday - Juin
Ivanti
 
June Patch Tuesday
Ivanti
 
Français Patch Tuesday - Mai
Ivanti
 
May Patch Tuesday
Ivanti
 
Français Patch Tuesday - Avril
Ivanti
 
April Patch Tuesday
Ivanti
 
Français Patch Tuesday - Mars
Ivanti
 
March Patch Tuesday
Ivanti
 
Français Patch Tuesday - Février
Ivanti
 
February Patch Tuesday
Ivanti
 
Patch Tuesday de Diciembre
Ivanti
 
Français Patch Tuesday - Décembre
Ivanti
 
Patch Tuesday Italia Dicembre
Ivanti
 
December Patch Tuesday
Ivanti
 
Patch Tuesday de Noviembre
Ivanti
 
Français Patch Tuesday - Novembre
Ivanti
 
November Patch Tuesday
Ivanti
 

Recently uploaded (20)

PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
KodekX | Application Modernization Development
KodekX
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Teaching material agriculture food technology
LiaRayya
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
KodekX | Application Modernization Development
KodekX
 

Patch Tuesday Analysis - June 2016

  • 1. Patch Tuesday Webinar Wednesday, June 15th, 2016 Chris Goettl • Product Manager, Shavlik Dial In: 1-855-749-4750 (US) Attendees: 922 036 784 Gary McAllister Product Manager, AppSense
  • 2. Agenda June 2016 Patch Tuesday Overview Known Issues Bulletins Q & A 1 2 3 4
  • 3. Best Practices Privilege Management Mitigates Impact of many exploits High Threat Level vulnerabilities warrant fast rollout. 2 weeks or less is ideal to reduce exposure. User Targeted – Whitelisting and Containerization mitigate
  • 5. OF RECIPIENTS NOW OPEN PHISHING MESSAGES AND 11% CLICK ON ATTACHMENTS. 23%“ Verizon 2015 Data Breach Investigations Report http://www.verizonenterprise.com/DBIR/2015/”
  • 6. The weakest link Definition: User Targeted A vulnerability that cannot be exploited except by means of convincing a user to take an action. These often take the form of phishing attacks, targeted web content or documents designed to exploit the vulnerability. 0 2 4 6 8 10 12 14 16 18 January February March April May June Bulletin Count User Targeted
  • 7. Mitigate Impact A vulnerability that when exploited allows the attacker to operate in the context of the current user. Reducing user privileges reduces the attackers ability to operate thereby slowing their ability to move around your environment. 0 2 4 6 8 10 12 14 16 18 January February March April May June Bulletin Count Privilege Management Reduces Impact Privilege Management Reduces Impact:
  • 11. News – Adobe Zero Day update releasing tomorrow (MOST LIKELY) Expect a Chrome update Expect another Microsoft Security Bulletin FireFox will have a variation to be updated as well Yes, this is the exact same text as I had on this slide last month…
  • 12. CSWU-025: Cumulative update for Windows 10: June 14, 2016  Maximum Severity: Critical  Affected Products: Windows 10, Edge, Internet Explorer, .Net Framework, Windows  Description: This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are described in the following Microsoft security bulletins and advisory: MS16-063, MS16-068, MS16-072, MS16-073, MS16-074, MS16-075, MS16-077, MS16-078, MS16-080, MS16-082  Impact: Remote Code Execution, Elevation of Privilege, Denial of Service  Fixes 28 vulnerabilities:  CVE-2016-0199, CVE-2016-0200, CVE-2016-3202, CVE-2016-3205, CVE-2016-3206, CVE-2016-3207, CVE-2016-3210, CVE-2016- 3211, CVE-2016-3212, CVE-2016-3213, CVE-2016-3198, CVE-2016-3201, CVE-2016-3203, CVE-2016-3213, CVE-2016-3214, CVE-2016-3215, CVE-2016-3222 (Publicly Disclosed), CVE-2016-3223, CVE-2016-3218, CVE-2016-3221, CVE-2016-3232, CVE- 2016-3216, CVE-2016-3219, CVE-2016-3220, CVE-2016-3225, CVE-2016-3231, CVE-2016-3236, CVE-2016-3230  Restart Required: Requires Restart
  • 13. MS16-063: Cumulative Security Update for Internet Explorer (3163649)  Maximum Severity: Critical  Affected Products: Internet Explorer  Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.  Impact: Remote Code Execution  Fixes 10 vulnerabilities:  CVE-2016-0199, CVE-2016-0200, CVE-2016-3202, CVE-2016-3205, CVE-2016-3206, CVE-2016-3207, CVE-2016-3210, CVE-2016- 3211, CVE-2016-3212, CVE-2016-3213  Restart Required: Requires Restart
  • 14. MS16-068: Cumulative Security Update for Microsoft Edge (3163656)  Maximum Severity: Critical  Affected Products: Edge  Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.  Impact: Remote Code Execution  Fixes 8 vulnerabilities:  CVE-2016-3198, CVE-2016-3199, CVE-2016-3201, CVE-2016-3202, CVE-2016-3203, CVE-2016-3214, CVE-2016-3215, CVE-2016- 3222 (Publicly Disclosed)  Restart Required: Requires Restart
  • 15. MS16-069: Cumulative Security Update for JScript and VBScript (3163640)  Maximum Severity: Critical  Affected Products: Windows  Description: This security update resolves vulnerabilities in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerabilities could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.  Impact: Remote Code Execution  Fixes 3 vulnerabilities:  CVE-2016-3205, CVE-2016-3206, CVE-2016-3207  Restart Required: May Require Restart
  • 16. MS16-070: Security Update for Microsoft Office (3163610)  Maximum Severity: Critical  Affected Products: Office, SharePoint  Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user right.  Impact: Remote Code Execution  Fixes 4 vulnerabilities:  CVE-2016-0025, CVE-2016-3233, CVE-2016-3234, CVE-2016-3235  Restart Required: May Require Restart
  • 17. MS16-071: Security Update for Microsoft Windows DNS Server (3164065)  Maximum Severity: Critical  Affected Products: Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a specially crafted website. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.  Impact: Remote Code Execution  Fixes 1 vulnerabilities:  CVE-2016-3227  Restart Required: Requires Restart
  • 18. MS16-075: Security Update for Windows SMB Server (3164038)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.  Impact: Elevation of Privilege  Fixes 1 vulnerabilities:  CVE-2016-3225 (Publicly Disclosed)  Restart Required: Requires Restart
  • 19. MS16-077: Security Update for WPAD (3165191)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if the Web Proxy Auto Discovery (WPAD) protocol falls back to a vulnerable proxy discovery process on a target system.  Impact: Elevation of Privilege  Fixes 1 vulnerabilities:  CVE-2016-3236 (Publicly Disclosed)  Restart Required: Requires Restart
  • 20. MS16-082: Security Update for Microsoft Windows Search Component (3165270)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if the Web Proxy Auto Discovery (WPAD) protocol falls back to a vulnerable proxy discovery process on a target system.  Impact: Denial of Service  Fixes 1 vulnerabilities:  CVE-2016-3230 (Publicly Disclosed)  Restart Required: Requires Restart
  • 21. APSA16-03: Security Advisory for Adobe Flash Player  Maximum Severity: Critical  Affected Products: Adobe Flash Player  Description: A critical vulnerability (CVE-2016-4171) exists in Adobe Flash Player 21.0.0.242 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.  Impact: Remote Code Execution  Fixes 1 vulnerabilities:  CVE-2016-4171 (Exploited)  Restart Required:
  • 22. MS16-072: Security Update for Group Policy (3163622)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target machine.  Impact: Elevation of Privilege  Fixes 1 vulnerabilities:  CVE-2016-3223  Restart Required: Requires Restart
  • 23. MS16-073: Security Update for Windows Kernel-Mode Drivers (3164028)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.  Impact: Elevation of Privilege  Fixes 3 vulnerabilities:  CVE-2016-3218, CVE-2016-3221, CVE-2016-3232  Restart Required: Requires Restart
  • 24. MS16-074: Security Update for Microsoft Graphics Component (3164036)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if a user opens a specially crafted document or visits a specially crafted website.  Impact: Elevation of Privilege  Fixes 1 vulnerabilities:  CVE-2016-3216  Restart Required: Requires Restart
  • 25. MS16-076: Security Update for Netlogon (3167691)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker with access to a domain controller (DC) on a target network runs a specially crafted application to establish a secure channel to the DC as a replica domain controller.  Impact: Remote Code Execution  Fixes 1 vulnerabilities:  CVE-2016-3228  Restart Required: Requires Restart
  • 26. MS16-078: Security Update for Windows Diagnostic Hub (3165479)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.  Impact: Elevation of Privilege  Fixes 1 vulnerabilities:  CVE-2016-3231  Restart Required: Requires Restart
  • 27. MS16-079: Security Update for Microsoft Exchange Server (3160339)  Maximum Severity: Important  Affected Products: Exchange Server  Description: This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow information disclosure if an attacker sends a specially crafted image URL in an Outlook Web Access (OWA) message that is loaded, without warning or filtering, from the attacker-controlled URL.  Impact: Information Disclosure  Fixes 1 vulnerabilities:  CVE-2016-0028  Restart Required: May Require Restart
  • 28. MS16-080: Security Update for Microsoft Windows PDF (3164302)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerabilities could cause arbitrary code to execute in the context of the current user. However, an attacker would have no way to force a user to open a specially crafted .pdf file.  Impact: Remote Code Execution  Fixes 3 vulnerabilities:  CVE-2016-3201, CVE-2016-3203, CVE-2016-3215  Restart Required: May Require Restart
  • 29. MS16-081: Security Update for Active Directory (3160352)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Active Directory. The vulnerability could allow denial of service if an authenticated attacker creates multiple machine accounts. To exploit the vulnerability an attacker must have an account that has privileges to join machines to the domain.  Impact: Denial of Service  Fixes 1 vulnerabilities:  CVE-2016-3226  Restart Required: Requires Restart
  • 30. Between Patch Tuesdays New Product Support: Slack Machine-Wide Installer 2, Programmer's Notepad 2, Inkscape, Microsoft Power BI Desktop 2, Malwarebytes Anti-Malware Home Security Updates: Microsoft (1), Chrome (4), Flash Player (2), Thunderbird (2), HP System Management, LibreOffice, VMware Player, 7zip (3), iTunes (2), UltraVNC, Notepad++, Adobe Reader (3), Adobe Reader DC (3), Skype, FileZilla, Opera (2), FirefoxESR (1), VLC Media Player, WireShark (2), KeePass, Non-Security Updates: Microsoft (45), Slack Machine-Wide Installer (2), AutoCAD 2017 (2), TeamViewer, VMware Workstation, CDBurnerXP, GoToMeeting, Apache Tomcat, BoxSync, Splunk Universal Forwarder, VMware Tools (2), CCleaner, HipChat (3), Google Drive, Programmers Notepad, Citrix XenApp (2), Inkscape, Microsoft Power BI Desktop 2, VDA Core Services, Dropbox (2), Malwarebytes Anti-Malware Home, CoreFTP, GoodSync Security Tools: Microsoft (1)
  • 32. Resources and Webinars Get Shavlik Content Updates Get Social with Shavlik Sign up for next months Patch Tuesday Webinar Watch previous webinars and download presentation.

Editor's Notes

  • #6: NEARLY 50% OPEN E-MAILS AND CLICK ON PHISHING LINKS WITHIN THE FIRST HOUR.
  • #13: Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. User Targeted - Privilege Management Mitigates Impact
  • #14: Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. Ensure that your Internet Explorer version is at the latest for the OS you are installed on. Microsoft is only updating the latest version for each supported OS since January 2016. For details please see: https://support.microsoft.com/en-us/lifecycle#gp/Microsoft-Internet-Explorer User Targeted - Privilege Management Mitigates Impact Microsoft Internet Explorer Memory Corruption Vulnerabilities Remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. The vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could host a specially crafted website that is designed to exploit the vulnerabilities through Internet Explorer, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerabilities. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by an enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email. The update addresses the vulnerabilities by modifying how Internet Explorer handles objects in memory. Multiple Scripting Engine Memory Corruption Vulnerabilities Multiple remote code execution vulnerabilities exist in the way that the JScript 9, JScript, and VBScript engines render when handling objects in memory in Internet Explorer. The vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerabilities. The update addresses the vulnerabilities by modifying how the JScript 9, JScript, and VBScript scripting engines handle objects in memory.
  • #15: Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. User targeted vulnerabilities – Privilege Management Mitigates Impact Multiple Scripting Engine Memory Corruption Vulnerabilities – CVE-2016-3222 (Publicly Disclosed) Multiple remote code execution vulnerabilities exist in the way that the Chakra JavaScript engine renders when handling objects in memory in Microsoft Edge. The vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerabilities through Microsoft Edge and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the Edge rendering engine. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerabilities. The update addresses the vulnerabilities by modifying how the Chakra JavaScript scripting engine handles objects in memory. Microsoft Edge Security Feature Bypass – CVE-2016-3198 A security feature bypass exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker who exploited the bypass could trick a user into loading a page containing malicious content. To exploit the bypass, an attacker must trick a user into either loading a page containing malicious content or visiting a malicious website. The attacker could also inject the malicious page into either a compromised website or an advertisement network. The update addresses the bypass by correcting how the Edge CSP validates documents.
  • #16: Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. User Targeted - Privilege Management Mitigates Impact Multiple Scripting Engine Memory Corruption Vulnerabilities Multiple remote code execution vulnerabilities exist in the way that the JScript 9, JScript, and VBScript engines render when handling objects in memory in Internet Explorer. The vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerabilities through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites, and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerabilities.
  • #17: Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. User Targeted - Privilege Management Mitigates Impact Multiple Microsoft Office Memory Corruption Vulnerabilities Multiple remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software. In an email attack scenario an attacker could exploit the vulnerabilities by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerabilities. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince them to open the specially crafted file.
  • #18: Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. Windows DNS Server Use After Free Vulnerability – CVE-2016-3227 A remote code execution vulnerability exists in Windows Domain Name System (DNS) servers when they fail to properly handle requests. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account. Windows servers that are configured as DNS servers are at risk from this vulnerability. To exploit the vulnerability, an unauthenticated attacker could send malicious requests to a Windows DNS server. The update addresses the vulnerability by modifying how Windows DNS servers handle requests.
  • #19: Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. CVE-2016-3225 (Publicly Disclosed) Windows SMB Server Elevation of Privilege Vulnerability - CVE-2016-3225 An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) when an attacker forwards an authentication request intended for another service running on the same machine. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated permissions. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses the vulnerability by correcting how Windows Server Message Block (SMB) Server handles credential forwarding requests.
  • #20: Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. CVE-2016-3236 (Publicly Disclosed) Windows WPAD Elevation of Privilege Vulnerability - CVE-2016-3213 An elevation of privilege vulnerability exists in Microsoft Windows when the Web Proxy Auto Discovery (WPAD) protocol falls back to a vulnerable proxy discovery process. An attacker who successfully exploited this vulnerability could bypass security and gain elevated privileges on a targeted system. To exploit the vulnerability, an attacker could respond to NetBIOS name requests for WPAD. The update addresses the vulnerability by correcting how Windows handles proxy discovery.
  • #21: Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. CVE-2016-3230 (Publicly Disclosed) Windows Search Component Denial of Service Vulnerability - CVE-2016-3230 This vulnerability occurs when the Windows Search component fails to properly handle certain objects in memory. An attacker who successfully exploited this vulnerability could cause server performance to degrade sufficiently to cause a denial of service condition. To exploit this vulnerability, an attacker could use it to cause a denial of service attack and disrupt server availability. The update addresses the vulnerability by correcting how the Windows Search component handles objects in memory.
  • #22: Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Recommendation is within 2 weeks of release. User Targeted To fully patch Flash Player you need to update the Player and plug-ins in all browsers. This could mean 4 updates for Flash, Flash for IE, Flash for Firefox, and Chrome.
  • #23: Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks. Group Policy Elevation of Privilege Vulnerability – CVE-2016-3223 An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates. An attacker who successfully exploited this vulnerability could potentially escalate permissions or perform additional privileged actions on the target machine. To exploit this vulnerability, an attacker would need to launch a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target machine. An attacker could then create a group policy to grant administrator rights to a standard user. The security update addresses the vulnerability by enforcing Kerberos authentication for certain calls over LDAP.
  • #24: Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks. Multiple Win32k Elevation of Privilege Vulnerabilities Multiple elevation of privilege vulnerabilities exist in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerabilities could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit the vulnerabilities, an attacker would first have to log on to the target system. An attacker could then run a specially crafted application that could exploit the vulnerabilities and take control over an affected system. The update addresses the vulnerabilities by correcting how the Windows kernel-mode driver handles objects in memory.
  • #25: Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks. User Targeted Windows Graphics Component Information Disclosure Vulnerability – CVE-2016-3216 An information disclosure vulnerability exists when the Windows Graphics Component (GDI32.dll) fails to properly handle objects in memory, allowing an attacker to retrieve information that could lead to an Address Space Layout Randomization (ASLR) bypass. An attacker who successfully exploited this vulnerability could cause an information disclosure to bypass the ASLR security feature that protects users from a broad class of vulnerabilities. The security feature bypass itself does not allow arbitrary code execution. However, an attacker could use the ASLR bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, that could take advantage of the ASLR bypass to run arbitrary code. To exploit this vulnerability, an attacker could convince a use to run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows Graphics Component handles addresses in memory.
  • #26: Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks. Privilege Management Mitigates Windows Netlogon Memory Corruption Remote Code Execution- CVE-2016-3228 This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution when Windows improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. To exploit the vulnerability, a domain-authenticated attacker could make a specially crafted NetLogon request to a domain controller. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. This update corrects how Windows handles objects in memory to prevent corruption.
  • #27: Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks. Windows Diagnostics Hub Elevation of Privilege Vulnerability – CVE-2016-3231 An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows Diagnostics Hub Standard Collector Service sanitizes input, to help preclude unintended elevated system privileges.
  • #28: Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks. Microsoft Exchange Information Disclosure Vulnerability - CVE-2016-0028 An email filter bypass exists in the way that Microsoft Exchange parses HTML messages that could allow information disclosure. An attacker who successfully exploited the vulnerability could identify, fingerprint, and track a user online if the user views email messages using Outlook Web Access (OWA). An attacker could also combine this vulnerability with another one, such as a Cross-Site Request Forgery (CSRF), to amplify the attack. To exploit the vulnerability, an attacker could include specially crafted image URLs in OWA messages that could be loaded, without warning or filtering, from the attacker-controlled URL. This callback vector provides an information disclosure tactic used in web beacons and other types of tracking systems. The update corrects the way that Exchange parses HTML messages.
  • #29: Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks. User Targeted - Privilege Management Mitigates Impact Multiple Windows PDF Information Disclosure Vulnerabilities Information disclosure vulnerabilities exist in Microsoft Windows when a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerabilities could read information in the context of the current user. To exploit the vulnerabilities, an attacker would have to trick the user into opening the .pdf file. The update addresses the vulnerabilities by modifying how Windows parses .pdf files.
  • #30: Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. Recommendation is 2 to 4 weeks. Active Directory Denial of Service Vulnerability - CVE-2016-3226 A denial of service vulnerability exists in Active Directory when an authenticated attacker creates multiple machine accounts. An attacker who successfully exploited this vulnerability could cause the Active Directory service to become non-responsive. To exploit this vulnerability an attacker must have valid credentials. An attacker could exploit this vulnerability by creating multiple machine accounts, resulting in denial of service. The update addresses the vulnerability by correcting how machine accounts are created
  • #33: Sign up for Content Announcements: Email http://www.shavlik.com/support/xmlsubscribe/ RSS http://protect7.shavlik.com/feed/ Twitter @ShavlikXML Follow us on: Shavlik on LinkedIn Twitter @ShavlikProtect Shavlik blog -> www.shavlik.com/blog Chris Goettl on LinkedIn Twitter @ChrisGoettl Sign up for webinars or download presentations and watch playbacks: http://www.shavlik.com/webinars/