MS16-107 – Critical: Security Update for Microsoft Office (3185852) – Version: 2.0

Severity Rating: Critical
Revision Note: V2.0 (September 22, 2016): Bulletin revised to announce the availability of the 14.6.8 update for Microsoft Office for Mac 2011 (3186805) and the 15.25 update for Microsoft Office 2016 for Mac (3186807). Customers running affected Mac software should install the appropriate update for their product to be protected from the vulnerabilities discussed in this bulletin. Customers running other Microsoft Office software do not need to take any action. See Microsoft Knowledge Base Article 3186805 and Microsoft Knowledge Base Article 3186807 for more information and download links.
Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Categories: Uncategorized Tags:

MS16-107 – Critical: Security Update for Microsoft Office (3185852) – Version: 2.0

Severity Rating: Critical
Revision Note: V2.0 (September 22, 2016): Bulletin revised to announce the availability of the 14.6.8 update for Microsoft Office for Mac 2011 (3186805) and the 15.25 update for Microsoft Office 2016 for Mac (3186807). Customers running affected Mac software should install the appropriate update for their product to be protected from the vulnerabilities discussed in this bulletin. Customers running other Microsoft Office software do not need to take any action. See Microsoft Knowledge Base Article 3186805 and Microsoft Knowledge Base Article 3186807 for more information and download links.
Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Categories: Uncategorized Tags:

Hacks for sale: Exploit kits provide easy avenue for unskilled attackers

September 19th, 2016 No comments

One of the most common cyber-attack vehicles we’ve seen over the years involves so-called “exploit kits.” These are collections of exploits bundled together and sold as commercial software or as a service.

A typical kit includes a collection of web pages with exploits for several vulnerabilities in popular web browsers, browser add-ons, or other types of software. When an attacker installs the kit on a web server, visitors to the attacker’s malicious webpage who don’t have appropriate security updates installed are at risk of their computers being compromised through drive-by download attacks.

One reason exploit kits are so dangerous to both consumers and businesses is that an attacker needn’t be a skilled hacker to use one. Prospective attackers can buy or rent exploit kits on malicious hacker forums and other outlets. Lower skilled attackers can use the kits to perform sophisticated attacks, which contributes to the fact that they have become so widespread over time. In fact, exploit kits accounted for four of the ten most commonly encountered threats during the second half of 2015 according to our 2016 Trends in Cybersecurity e-book.

What can you do to protect your organization?

To protect your organization, it’s important that your security teams understand which exploits and exploit kits are being used most often by attackers. The graphic below shows the most frequently encountered exploits noted in our latest Security Intelligence Report, and we detail three of the more common exploits, and the kits they are a part of, below.

Most frequently encountered exploits noted in our latest Security Intelligence Report

Most frequently encountered exploits noted in our latest Security Intelligence Report

Exploit Kit: Axpergle
A.K.A.: Angler

Axpergle is the most common exploit, commonly found in the Angler exploit kit. It targets Internet Explorer, Adobe Flash Player and Java. Exploit kit authors frequently change the exploits included in their kits in an effort to stay ahead of software publishers and security software vendors. Exploits targeting zero-day vulnerabilities — those for which no security update has yet been made available by the vendor — are highly sought after by attackers, and the Axpergle authors added several zero-day Flash Player exploits to the kit in 2015.

Exploit Kit: HTML/Meadgive
A.K.A.: RIG

Other exploit kits were encountered at much lower levels. Encounters involving the RIG exploit kit (also known as Redkit, Infinity, and Goon, and detected as HTML/Meadgive) more than doubled from summer to fall of 2015, but remained far below those involving Angler.

Exploit Kit: Win32/Anogre
A.K.A.: Sweet Orange

Encounters involving the Sweet Orange kit (detected as Win32/Anogre), the second most commonly encountered exploit kit in the first quarter of 2015, decreased to negligible levels by the end of the year.

Take the first step — Keep software up to date

Keeping your software up to date is one of the most effective defenses against exploit kits and their ever-evolving attacks.

To keep up with all the latest news about exploit kits, as well as viruses, malware and other known threats, make sure to bookmark the Microsoft Malware Protection Center blog for frequent updates. And for a high-level look at the top 10 trends and stats that matter most to security professionals right now, be sure and download the 2016 Trends in Cybersecurity e-book.

Keep Microsoft software up to date — and everything else too

September 14th, 2016 No comments

Many of the CIOs and CISOs that I talk to, have, over time, developed mature vulnerability assessment methodologies and security updating processes. But frequently, I find that the focus of these processes is squarely on keeping Microsoft operating systems and browsers up to date. Of course vulnerabilities in popular operating systems or browsers have the potential to affect a broad audience. Another reason for this focus is that Microsoft has made updating relatively easy by offering updates via Windows Update, Microsoft Update, and via various tools like Windows Server Update Services and others.

But data from our latest Security Intelligence Report suggests that customers need to keep all of their software up-to-date, not just Microsoft software.

In the last half of 2015 there were nearly 3,300 vulnerability disclosures across the industry, of which 305 were in Microsoft products. With more than 90 percent of reported vulnerabilities occurring outside the Microsoft portfolio, organizations need to monitor their entire technology stack to minimize their risk.

Microsoft products accounted for less than 10 percent of industrywide vulnerabilities in the second half of 2015.

Microsoft products accounted for less than 10 percent of industrywide vulnerabilities in the second half of 2015.

This is consistent with previous years as well. The software industry worldwide includes thousands of vendors, and historically, vulnerabilities for Microsoft software have accounted for between three and ten percent of disclosures in any six-month period.

To find out what’s happening in the world of software vulnerabilities across your IT environment, take some time to review our latest Security Intelligence Report and the information available through the National Vulnerability Database (NVD), the U.S. government’s repository of standards-based vulnerability management data. And for a high-level look at the top ten trends and stats that matter most to security professionals right now, be sure and download our 2016 Trends in Cybersecurity e-book.

MS16-112 – Important: Security Update for Windows Lock Screen (3178469) – Version: 1.0

Severity Rating: Important
Revision Note: V1.0 (September 13, 2016): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if Windows improperly allows web content to load from the Windows lock screen.

Categories: Uncategorized Tags:

MS16-116 – Critical: Security Update in OLE Automation for VBScript Scripting Engine (3188724) – Version: 1.0

Severity Rating: Critical
Revision Note: V1.0 (September 13, 2016): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker successfully convinces a user of an affected system to visit a malicious or compromised website. Note that you must install two updates to be protected from the vulnerability discussed in this bulletin: The update in this bulletin, MS16-116, and the update in MS16-104.

Categories: Uncategorized Tags:

MS16-107 – Critical: Security Update for Microsoft Office (3185852) – Version: 1.0

Severity Rating: Critical
Revision Note: V1.0 (September 13, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Categories: Uncategorized Tags:

MS16-104 – Critical: Cumulative Security Update for Internet Explorer (3183038) – Version: 1.0

Severity Rating: Critical
Revision Note: V1.0 (September 13, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Categories: Uncategorized Tags:

MS16-114 – Important: Security Update for Windows SMBv1 Server (3185879) – Version: 1.0

Severity Rating: Important
Revision Note: V1.0 (September 13, 2016): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. On Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 operating systems, the vulnerability could allow remote code execution if an authenticated attacker sends specially crafted packets to an affected Microsoft Server Message Block 1.0 (SMBv1) Server. The vulnerability does not impact other SMB Server versions. Although later operating systems are affected, the potential impact is denial of service.

Categories: Uncategorized Tags:

MS16-115 – Important: Security Update for Microsoft Windows PDF Library (3188733) – Version: 1.0

Severity Rating: Important
Revision Note: V1.0 (September 13, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow information disclosure if a user views specially crafted PDF content online or opens a specially crafted PDF document.

Categories: Uncategorized Tags:

MS16-113 – Important: Security Update for Windows Secure Kernel Mode (3185876) – Version: 1.0

Severity Rating: Important
Revision Note: V1.0 (September 13, 2016): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when Windows Secure Kernel Mode improperly handles objects in memory.

Categories: Uncategorized Tags:

MS16-SEP – Microsoft Security Bulletin Summary for September 2016 – Version: 1.0

Categories: Uncategorized Tags:

MS16-110 – Important: Security Update for Microsoft Windows (3178467) – Version: 1.0

Severity Rating: Important
Revision Note: V1.0 (September 13, 2016): Bulletin published.
Summary: This security update resolves multiple vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker creates a specially crafted request and executes arbitrary code with elevated permissions on a target system.

Categories: Uncategorized Tags:

3174644 – Updated Support for Diffie-Hellman Key Exchange – Version: 1.0

Categories: Uncategorized Tags:

MS16-111 – Important: Security Update for Windows Kernel (3186973) – Version: 1.0

Severity Rating: Important
Revision Note: V1.0 (September 13, 2016): Click here to enter text.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application on a target system.

Categories: Uncategorized Tags:

MS16-105 – Critical: Cumulative Security Update for Microsoft Edge (3183043) – Version: 1.0

Severity Rating: Critical
Revision Note: V1.0 (September 13, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.

Categories: Uncategorized Tags:

MS16-109 – Important: Security Update for Silverlight (3182373) – Version: 1.0

Severity Rating: Important
Revision Note: V1.0 (September 13, 2016): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Silverlight. The vulnerability could allow remote code execution if a user visits a compromised website that contains a specially crafted Silverlight application. An attacker would have no way to force a user to visit a compromised website. Instead, an attacker would have to convince the user to visit the website, typically by enticing the user to click a link in either an email or instant message that takes the user to the attacker’s website.

Categories: Uncategorized Tags:

3181759 – Vulnerabilities in ASP.NET Core View Components Could Allow Elevation of Privilege – Version: 1.0

Revision Note: V1.0 (September 13, 2016): Advisory published.
Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in the public versions of ASP.NET Core MVC 1.0.0. This advisory also provides guidance on what developers can do to help ensure that their applications are updated correctly.

Categories: Uncategorized Tags:

MS16-108 – Critical: Security Update for Microsoft Exchange Server (3185883) – Version: 1.0

Severity Rating: Critical
Revision Note: V1.0 (September 13, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow remote code execution in some Oracle Outside In libraries that are built into Exchange Server if an attacker sends an email with a specially crafted attachment to a vulnerable Exchange server.

Categories: Uncategorized Tags:

MS16-106 – Critical: Security Update for Microsoft Graphics Component (3185848) – Version: 1.0

Severity Rating: Critical
Revision Note: V1.0 (September 13, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Categories: Uncategorized Tags: