Archive for June, 2016

Connecting the dots to get ahead of your next security challenge

These are turbulent times we live in. The same technology that provides unprecedented global connections and productivity also provides hackers unprecedented surface area to commit headline-earning crimes. That’s why Microsoft is investing over $1 billion annually in security capabilities and connecting dots across the critical endpoints of today’s cloud and mobile world to help you keep up with security challenges.

Join Ann Johnson and myself on June 29th at 10:00 am PST as we talk about the Top 5 security threats facing your business – and how to respond. You will discover our unique approach to security and how to benefit from the insight into the threat landscape that Microsoft derives from trillions of signals from billions of sources.

Change comes fast. It used to be that many organizations would lock down their networks and not even allow external web browsing from within their networks. Today, users need to be connected to people all over the world, using all kinds of social media tools, and other applications, most in the cloud. New devices are coming on the market that have the potential to boost productivity in ways we’ve never seen. To not allow these actions and tools would doom your organization to obscurity. But cybercriminals have become more sophisticated, too. How do you avoid a security breach while still allowing employees to stay ahead of the curve? We’ll cover this balance in our webinar.

Microsoft has taken an end-to-end look at these issues, and has solutions that cross products, technologies, and platforms.

On the front lines, your employees hold the key to your network’s security every time they log on or open an email. Windows 10, with Microsoft Passport and Windows Hello, and Azure Active Directory, which we will touch on in the webinar, help you go beyond passwords and put authentication in the tough-to-replicate physical world of the user’s machine and biometrics. And Office 365 can help identify and isolate malicious attachments and links in your users’ emails before they harm your network.

Devices too. Your company laptop used to be pretty bare-bones, right? Use it for work, and that’s it. You had your own toys to use for personal stuff, and as time wore on those devices became more and more indispensable to your daily life. People started to connect to email servers from their phones, and the lines started blurring from there. It can create a security nightmare for IT, especially since everyone has a different favorite platform. We created Microsoft Enterprise Mobility Suite to ensure secure interactions with your network no matter what the device or platform. We will also cover ensuring device security while enabling mobile work in our webinar.

And then there’s the cloud. So many questions about security, manageability, control. Well, your employees aren’t waiting for you to figure it out; 80% of employees report using cloud apps that aren’t approved by IT. With Microsoft Cloud App Security, you can discover all the cloud apps in use on your network, and decide which ones to allow or block.

Say yes to rolling with the changes. Boost your organization’s productivity and rest assured that your network is protected because we have connected the dots in today’s cloud and mobile world.

Don’t miss out! Register today and join us on June 29, 2016 at 10:00 PST, for Top 5 security threats facing your business – and how to respond.

Julia White
General Manager, Cloud + Enterprise

Categories: Cloud Computing, cybersecurity Tags:

Microsoft’s unique perspective on cybersecurity

Being one of the more established companies in IT has its advantages. At Microsoft, we’ve seen IT management and the datacenter morph and change over time. Our technology has powered and protected some of the biggest and most complex systems in the world.

And we’ve learned a thing or two from all this experience.

We’re bringing our experiences together into a set of insights and ecosystem of partnerships to make computing on the whole more secure. Join Julia White and myself for a webinar on June 29 at 10 PST where we will discuss this and more.

Not a week goes by without news of some terrible cybercrime that has been committed. At the same time mobile devices proliferate, business and personal connections grow, and the convenience and speed of the cloud becomes more of a necessity of day-to-day life. The diversification of the digital landscape is a great advantage, but also opens the door to more cyber risk.  

Microsoft has a unique position in cybersecurity. Because of the massive scale of information that Microsoft processes (billions of device updates and hundreds of billions of emails and authentications, for example), we’re able to synthesize threat data far faster than your organization could ever do it alone.

With Microsoft’s vast intelligence, a security threat that shows up in one company can benefit everyone on the system immediately. Intelligence feeds, and is fed by, all of Microsoft’s products, creating a virtuous cycle. Machine learning is constantly analyzing behavior to detect potential threats, weed out noise and present only what is truly high-risk behavior.

Learn about how you can benefit from the insight into the threat landscape that Microsoft derives from trillions of signals from billions of sources in our webinar.

Why your IT infrastructure matters

Infrastructure is where valuable data lives. As companies are finding increasing value in building business infrastructure in the cloud, concerns over security of sensitive data like financials and intellectual property are well deserved.

But the cloud itself has forced new ways to look at security, and hybrid environments benefit greatly from these new approaches. When you no longer have a physical network perimeter, you need to think differently about how to manage security and access to data. Azure Information Protection and Windows enterprise data protection, for example, help secure data when it is being shared across platforms and across the public or private cloud. Access policies can be attached to files, making controls easier to manage, and your employees don’t have to switch environments to get their work done.

Partnerships play a key role

No single organization can solve the world’s security challenges alone. Microsoft has worked very hard to form alliances with a variety of organizations, sharing information and partnering on solutions with our peers in the industry, and government and law enforcement agencies, so that all of our customers and partners can benefit.

For example, the Digital Crimes Unit, an international team of attorneys, investigators, data scientists, engineers, and analysts, works with law enforcement and governments across the globe not only to fight those who would breach systems to disrupt or steal personal information, but also to protect the most vulnerable among us while online. We’ve also partnered with industry players who build solutions on top of our platforms to provide more holistic protection, as Unisys has recently done with its cloud-based cybersecurity tools. Agreements like these cross technologies, products, and boundaries to strengthen security regardless of the task at hand or the device you are using.

At Microsoft, our position and scale have helped us form a unique perspective on cybersecurity, one that we can put to work for you.

Don’t miss out! Register today and join us on June 29, 2016 at 10:00 PST, for Top 5 security threats facing your business – and how to respond.

Ann Johnson
Vice-President, Enterprise Cybersecurity Group

Categories: cybersecurity Tags:

MS16-063 – Critical: Cumulative Security Update for Internet Explorer (3163649) – Version: 1.1

Severity Rating: Critical
Revision Note: V1.1 (June 22, 2016): Bulletin revised to add workarounds for CVE-2016-3213. This is an informational change only. Customers who have successfully installed the updates do not need to take any further action.
Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Categories: Uncategorized Tags:

MS15-OCT – Microsoft Security Bulletin Summary for October 2015 – Version: 2.2

Revision Note: V2.2 (June 22, 2016): For MS15-106, added a Known Issue to the Executive Summaries table. After you install the update, storage event is not triggered for localStorage updates in an iFrame in Internet Explorer 11. For more information and the solution to this known issue, see Microsoft Knowledge Base Article 3168674. Previously for MS15-106, a Known Issue was added that addresses an issue in which Internet Explorer 11 consumes high memory and CPU cycles after you install cumulative update 3093983. For more information and the solution to this known issue, see Microsoft Knowledge Base Article 3119070.
Summary: This bulletin summary lists security bulletins released for October 2015.

Categories: Uncategorized Tags:

MS16-JUN – Microsoft Security Bulletin Summary for June 2016 – Version: 2.1

Revision Note: V2.1 (June 22, 2016): For MS16-075 and MS16-076, added a Known Issue to the Executive Summaries table for update 3161561. When you try to access a domain DFS namespace (such as \\contoso.com\SYSVOL) on a computer that is configured to require mutual authentication (by using the UNC Hardened Access feature), you receive an “Access Denied” error message. Microsoft is researching this problem and will post more information in this article when it becomes available. For more information, see Microsoft Knowledge Base Article 3161561.
Summary: This bulletin summary lists security bulletins released for June 2016.

Categories: Uncategorized Tags:

MS16-077 – Important: Security Update for WPAD (3165191) – Version: 1.1

Severity Rating: Important
Revision Note: V1.1 (June 22, 2016): Bulletin revised to add an Update FAQ on behavior changes to be aware of after installing this update. This is an informational change only.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if the Web Proxy Auto Discovery (WPAD) protocol falls back to a vulnerable proxy discovery process on a target system.

Categories: Uncategorized Tags:


Announcing Azure Information Protection

June 22nd, 2016

For most of the enterprise customers that I have talked with over the years, one of the most challenging aspects of data protection for their organization has been data classification. But the majority of these customers readily agree that data classification is key to effectively protecting their organization’s most important data and enabling their mobile and cloud security strategies.

Microsoft has been working to help customers with this common challenge. Today, a new product that combines Azure Rights Management and capabilities from Microsoft’s recent acquisition of Secure Islands, has been unveiled. It’s called Microsoft Azure Information Protection.

Please check out all the details on the Enterprise Mobility & Security blog.

Tim Rains

Director, Security

Categories: Uncategorized Tags:

Protect your data, yes. But can you detect a breach and respond effectively?

Rapid development in cloud and mobile technologies is enabling greater opportunities for businesses to connect and thrive globally. At the same time, though, the public drumbeat about data breaches, cyberwarfare, and state surveillance can make you question the wisdom of getting more connected.

With great opportunity comes great risk, but the good news is business security strategies and technology solutions are rising to the challenge. Doing business in the era of infrastructure, platforms, and solutions “as a service” demands an adaptive, defensive mindset in how we approach data and identity security.

Passive business security isn’t enough anymore; bad actors will breach corporate networks. Both IT and C-suite are recognizing the need for active, company-wide defense. CIOs and CISOs need to think about how to protect data and other assets, as well as how to detect a threat more quickly and respond effectively. Simultaneously, business leaders are recognizing the need to develop a culture that continually applies lessons learned to strengthen the organization’s security posture.

Engineering best-in-class enterprise security is one of the ways Microsoft puts our principles to work in a mobile-first, cloud-first world. In our upcoming webinar, Top 5 security threats facing your business – and how to respond, Cloud + Enterprise General Manager Julia White and Ann Johnson, VP of Enterprise Cybersecurity, offer practical advice on how to implement a comprehensive protect-detect-respond strategy in your enterprise. They’ll also present the unique perspective that makes Microsoft a leader in cybersecurity.

Mark your calendar for this timely and informative session.

Reserve your webinar seat

Categories: cybersecurity Tags:

Reverse-engineering DUBNIUM’s Flash-targeting exploit

June 20th, 2016

The DUBNIUM campaign in December involved one exploit in-the-wild that affected Adobe Flash Player. In this blog, we’re going to examine the technical details of the exploit that targeted vulnerability CVE-2015-8651. For more details on this vulnerability, see Adobe Security Bulletin APSB16-01.

Note that Microsoft Edge on Windows 10 was protected from this attack due to the mitigations introduced into the browser.

Vulnerability exploitation

Adobe Flash Player version checks

The nature of the vulnerability is an integer overflow, and the exploit code has quite extensive subroutines in it. It tries to cover versions of the player from 11.x to the most recent version at the time of the campaign, 20.0.0.235.

The earliest version of Adobe Flash Player 11.x was released in October 2011 (11.0.1.152) and the last version of Adobe Flash Player 10.x was released in June 2013 (10.3.183.90). This doesn’t necessarily mean the exploit existed from 2011 or 2013, but it again demonstrates the broad target the exploit tries to cover.

Figure 1 Version check for oldest Flash Player the exploit targets


We focused our analysis mainly on the function named qeiofdsa, as the routine covers any Adobe Flash Player version since 19.0.0.185 (released on September 21, 2015).

Figure 2 Version check for latest Flash Player the exploit supports


Why is this version of Flash Player so important? Because that is the release which had the latest Vector length corruption hardening applied at the time of the incident. The original Vector length hardening came with 18.0.0.209 and it is well explained in the Security @ Adobe blog https://blogs.adobe.com/security/2015/12/community-collaboration-enhances-flash.html.

The Vector object from Adobe Flash Player can be used as a corruption target to acquire read or write (RW) primitives.

This object has a very simple object structure and predictable allocation patterns without any sanity checks on the objects. This has made it a very popular target for exploitation in recent years. There were a few more bypasses found after that hardening, and 19.0.0.185 had another bypass hardening. From this version of Adobe Flash Player onward, the exploit uses a new exploitation method (ByteArray length corruption).

Note, however, that with new mitigation from Adobe released after this incident, the ByteArray length corruption method no longer works.

To better understand the impact of the mitigations on attacker patterns, we compared exploit code line counts for the pdfsajoe routine, which exploits Adobe Flash Player versions earlier than 19.0.0.185, to the qeiofdsa routine, which exploits versions after 19.0.0.185. We learned that pdfsajoe has 139 lines of code versus qeiofdsa with 5,021.

While there is really no absolute way to measure the impact and line count alone is not a standard measurement, we know that in order to target the newer versions of Adobe Flash Player, the attacker would have to write 36 times as many lines of code.

| Subroutine name | pdfsajoe | qeiofdsa |
| Vulnerable Flash Player version | Below 19.0.0.185 | 19.0.0.185 and up |
| Mitigations | No latest Vector mitigations | Latest Vector mitigations applied |
| Lines of attack code | 139 lines | 5,021 lines |
| Ratio | 1 | 36 |

Table 1 Before and after Vector mitigation

This tells us a lot about the importance of mitigation and the increasing cost of exploit code development. Mitigation in itself doesn’t fix existing vulnerabilities, but it is definitely raising the bar for exploits.

Heap spraying and vulnerability triggering

The exploit relies heavily on heap spraying. Various objects are sprayed; Figure 3 shows the code where the ByteArray objects are sprayed. Each of these ByteArray objects has a length of 0x10. These sprayed objects are the corruption targets.

Figure 3 Heap-spraying code


The vulnerability lies in the implementation of fast memory opcodes. More detailed information on the usage of fast memory opcodes is available in the Faster byte array operations with ASC2 article at the Adobe Developer Center.

After setting up application domain memory, the code can use avm2.intrinsics.memory. The package provides various methods including the li32 and si32 instructions. The li32 instruction loads 32-bit integer values from fast memory, and si32 stores 32-bit integer values to fast memory. These functions are used as methods, but at the AVM2 bytecode level they are opcodes themselves.

Figure 4 Setting up application domain memory


Due to the way these instructions are implemented, an out-of-bounds access vulnerability occurs (Figure 5). The key to this vulnerability is the second li32 statement just after the first one in each IF statement. For example, in the li32((_local_4+0x7FEDFFD8)) statement, the _local_4+0x7FEDFFD8 value ends up as 4 after integer overflow. At the just-in-time (JIT) level, the range check is only generated for this li32 statement, skipping the range check JIT code for the first li32 statement.

Figure 5 Out-of-bounds access code using li32 instructions


We compared the bytecode-level AVM2 instructions with the low-level x86 JIT instructions. Figure 6 shows the comparison and our findings. Two li32 accesses are made, and the JIT compiler optimizes the length checks for both li32 instructions by generating only one length check. The problem is that an integer overflow happens, so the length check becomes faulty and allows the ByteArray length restrictions to be bypassed. This leads directly to out-of-bounds RW access to the process memory. Historically, the fast memory implementation has suffered from range check vulnerabilities (CVE-2013-5330, CVE-2014-0497). The Virus Bulletin 2014 paper by Chun Feng and Elia Florio, Ubiquitous Flash, ubiquitous exploits, ubiquitous mitigation (PDF download), provides more details on other old but similar vulnerabilities.

Figure 6 Length check confusion
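
The length check confusion described above can be modelled in a few lines of C. This is an added example, not code from the original post or from Adobe Flash Player: the function names, the 0x1000-byte buffer length, the base value 0x8012002C and the first load's constant 0x7FEDFFD0 are constructed for illustration (only 0x7FEDFFD8 and the wrapped result 4 come from the text), and 32-bit wrapping addition is assumed. It performs no memory access; it only shows which offsets each form of the check admits.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define FASTMEM_LEN 0x1000u      /* constructed fast memory length          */
#define BASE        0x8012002Cu  /* constructed value for _local_4          */
#define C_LO        0x7FEDFFD0u  /* constructed constant for the first load */
#define C_HI        0x7FEDFFD8u  /* constant quoted in the text             */

/* A 4-byte load at offset `off` stays inside a buffer of `len` bytes. */
static bool load32_in_bounds(uint32_t off, uint32_t len) {
    return len >= 4 && off <= len - 4;
}

/* Offset actually used by a load at base + c, with 32-bit wraparound. */
uint32_t effective_offset(uint32_t base, uint32_t c) {
    return base + c;
}

/* Flawed merge: two loads at base + c_lo and base + c_hi (c_lo <= c_hi)
 * share one check, performed on the larger constant only. The smaller
 * one is assumed to be covered, which is false once the sum wraps. */
bool merged_check(uint32_t base, uint32_t c_lo, uint32_t c_hi, uint32_t len) {
    (void)c_lo;
    return load32_in_bounds(effective_offset(base, c_hi), len);
}

/* Reference behaviour: every load gets its own range check. */
bool per_access_check(uint32_t base, uint32_t c_lo, uint32_t c_hi, uint32_t len) {
    return load32_in_bounds(effective_offset(base, c_lo), len) &&
           load32_in_bounds(effective_offset(base, c_hi), len);
}

/* The merge is valid only if adding the larger constant cannot wrap. */
bool merge_is_sound(uint32_t base, uint32_t c_lo, uint32_t c_hi) {
    return c_lo <= c_hi && (uint64_t)base + c_hi <= UINT32_MAX;
}

/* Hardened form: keep the optimization only where it is provably safe. */
bool hardened_check(uint32_t base, uint32_t c_lo, uint32_t c_hi, uint32_t len) {
    if (merge_is_sound(base, c_lo, c_hi))
        return merged_check(base, c_lo, c_hi, len);
    return per_access_check(base, c_lo, c_hi, len);
}

int main(void) {
    printf("checked load offset   : 0x%08X\n", effective_offset(BASE, C_HI));
    printf("unchecked load offset : 0x%08X\n", effective_offset(BASE, C_LO));
    printf("merged check admits   : %d\n", merged_check(BASE, C_LO, C_HI, FASTMEM_LEN));
    printf("hardened check admits : %d\n", hardened_check(BASE, C_LO, C_HI, FASTMEM_LEN));
    return 0;
}
```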


Using this out-of-bounds vulnerability, the exploit tries to locate heap-sprayed objects.

These are the last part of memory sweeping code. We counted 95 IF/ELSE statements that sweep through memory range from ba+0x121028 to ba+0x17F028 (where ba is the base address of fast memory), which is 0x5E000 (385,024) byte size. Therefore, these memory ranges are very critical for this exploit’s successful run.

Figure 7 End of memory sweeping code


Figure 8 shows a crash point where the heap spraying fails. The exploit heavily relies on a specific heap layout for successful exploitation, and the need for heap spraying is one element that makes this exploit unreliable.

Figure 8 Out-of-bounds memory access


This exploit corrupts a ByteArray.length field and uses the corrupted ByteArray as its RW primitive (Figure 9).

Figure 9 Instruction si32 is used to corrupt ByteArray.length field


After ByteArray.length corruption, it needs to determine which ByteArray is corrupt out of the sprayed ByteArrays (Figure 10).

Figure 10 Determining corrupt ByteArray

RW primitives

The following shows various RW primitives that this exploit code provides. Basically these extensive lists of methods provide functions to support different application and operating system flavors.

Figure 11 RW primitives


For example, the read32x86 method can be used to read an arbitrary memory address in the process on the x86 platform. The cbIndex variable is the index into the bc array, which is an array of the ByteArray type. The bc[cbIndex] element is the specific ByteArray that is corrupted through the fast memory vulnerability. After setting the virtual address as the position member, it uses the readUnsignedInt method to read the memory value.

Figure 12 Read primitive


The same principle applies to the write32x86 method. It uses the writeUnsignedInt method to write to an arbitrary memory location.

Figure 13 Write primitive


Beyond these, the exploit can perform slightly more complex operations, such as reading multiple bytes using the readBytes method.

Figure 14 Byte reading primitive


Function object virtual function table corruption

Just after acquiring the process’s memory RW ability, the exploit tries to get access to code execution. This exploit uses a very specific method of corrupting a Function object and using the apply and call methods of the object to achieve shellcode execution. This method is similar to the exploit method that was disclosed during the Hacking Team leak. Figure 15 shows how the Function object’s virtual function table pointer (vptr) is acquired through a leaked object address, and low-level object offset calculations are performed. The offsets used here are relevant to the Adobe Flash Player’s internal data structure and how they are linked together in the memory.

Figure 15 Resolving Function object vptr address


This leaked virtual function table pointer is later overwritten with a fake virtual function table’s address. The fake virtual function table itself is cloned from the original one, and only the pointer to the apply method is replaced with the VirtualProtect API. Later, when the apply method is called upon the dummy function object, it will actually call the VirtualProtect API with supplied arguments – not the original empty call body. The supplied arguments point to the memory area that is used for temporary shellcode storage. The area is made read/write/executable (RWX) through this method.

Figure 16 Call VirtualProtect through apply method


Once the RWX memory area is reserved, the exploit uses the call method of the Function object to perform further code execution. It doesn’t use the apply method because it no longer needs to pass any arguments. Calling the call method is also simpler (Figure 17).

Figure 17 Shellcode execution through call method


This shellcode-running routine is highly modularized and you can actually use API names and arguments to be passed to the shellcode-running utility function. This makes shellcode building and running very extensible. Again, this method has close similarity with the code found with the Adobe Flash exploit leaked during the Hacking Team information leak in July 2015.

Figure 18 Part of shellcode call routines


Note that the exploit’s method of using the corrupted Function object virtual table doesn’t work on Microsoft Edge anymore as it has additional mitigation against these kinds of attacks.

ROP-less shellcode

With this exploit, the shellcode is not just one contiguous memory area; instead, various shellcodes are called through separate call methods. As this exploit shows, we are observing more exploits that operate without return-oriented programming (ROP) chains. We can track these calls by putting a breakpoint on the native code that performs the ActionScript call method. For example, the disassembly in Figure 19 shows the code that calls the InternetOpenUrlA API call.

Figure 19 InternetOpenUrlA 1st download

This call only retrieves some portion of a portable executable (PE) file’s header, but not the whole file. It will do another run of the InternetOpenUrlA API call to retrieve the remaining body of the payload. This is most likely a trick to confuse analysts who will look for a single download session for payloads.

Figure 20 InternetOpenUrlA 2nd download
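
From the defender's side, the split download described above means that neither response alone carries a complete PE header. The following is an added example, not part of the original post: it classifies a captured response body as not a PE, a PE cut off before its signature, or a PE with a complete header, and flags the case where two bodies joined in order complete one. The function names, the 0x10000 sanity bound and the 0x88-byte sample header are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum pe_state { PE_NOT, PE_TRUNCATED, PE_HEADER_OK };

#define E_LFANEW_OFF 0x3C      /* DOS header field: offset of "PE\0\0"  */
#define MAX_LFANEW   0x10000u  /* heuristic sanity bound (assumption)   */
#define SAMPLE_LEN   0x88      /* size of the constructed sample header */

/* Classify a buffer by its DOS header and PE signature only. */
enum pe_state pe_classify(const uint8_t *b, size_t n) {
    if (n < 2 || b[0] != 'M' || b[1] != 'Z')
        return PE_NOT;
    if (n < E_LFANEW_OFF + 4)
        return PE_TRUNCATED;              /* e_lfanew itself is missing */
    uint32_t lfanew = (uint32_t)b[0x3C] | (uint32_t)b[0x3D] << 8 |
                      (uint32_t)b[0x3E] << 16 | (uint32_t)b[0x3F] << 24;
    if (lfanew > MAX_LFANEW)
        return PE_NOT;                    /* "MZ" by coincidence */
    if ((size_t)lfanew + 4 > n)
        return PE_TRUNCATED;              /* signature lies past the end */
    return memcmp(b + lfanew, "PE\0\0", 4) == 0 ? PE_HEADER_OK : PE_NOT;
}

/* True when `a` is a PE cut off inside its header and `a` followed by
 * `b` has a complete header: the two-request pattern from the text. */
bool split_pe_download(const uint8_t *a, size_t na,
                       const uint8_t *b, size_t nb) {
    if (pe_classify(a, na) != PE_TRUNCATED)
        return false;
    uint8_t *joined = malloc(na + nb);
    if (joined == NULL)
        return false;
    memcpy(joined, a, na);
    if (nb > 0)
        memcpy(joined + na, b, nb);
    bool hit = pe_classify(joined, na + nb) == PE_HEADER_OK;
    free(joined);
    return hit;
}

/* Constructed sample: a minimal DOS header pointing at a PE signature. */
static void make_sample(uint8_t out[SAMPLE_LEN]) {
    memset(out, 0, SAMPLE_LEN);
    out[0] = 'M';
    out[1] = 'Z';
    out[E_LFANEW_OFF] = 0x80;             /* e_lfanew = 0x80 */
    memcpy(out + 0x80, "PE\0\0", 4);
    out[0x84] = 0x4C;                     /* Machine = 0x014C (x86) */
    out[0x85] = 0x01;
}

/* Split the sample at `cut` bytes, as if fetched in two responses. */
bool demo_split(size_t cut) {
    uint8_t s[SAMPLE_LEN];
    make_sample(s);
    if (cut > SAMPLE_LEN)
        cut = SAMPLE_LEN;
    return split_pe_download(s, cut, s + cut, SAMPLE_LEN - cut);
}

int main(void) {
    printf("split at 0x40 flagged: %d\n", demo_split(0x40));
    printf("single download flagged: %d\n", demo_split(SAMPLE_LEN));
    return 0;
}
```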


Conclusion

With the analysis of the Adobe Flash Player-targeting exploit used by DUBNIUM last December, we learned they are using highly organized exploit code with extensive support of operating system flavors. However, some functionalities for some operating systems are not yet implemented. For example, some 64-bit support routines had an empty function inside them.

The way the shellcode is authored makes the exploit code very extensible and flexible as changing shellcode behavior is extremely simple – as much as just changing AS3 code lines.

The actual first-stage payload download is not performed as a single download but is split into two.

They also use the ByteArray.length corruption technique to achieve process memory RW access. There was a hardening upon this object just after this incident and ByteArray now has better sanity checks. Therefore, the same technique would not work as straightforwardly as in this exploit for the versions after the hardening.

The exploit relies heavily on heap-spraying techniques, and this is one major element that makes this exploit unreliable.

This is a good example of how mitigation undermines an exploit’s stability, and how it increases exploit development cost.

Due to the exploitation method it relies on for the Function object corruption, with Microsoft Edge you have additional protection over this new exploit method.

Jeong Wook Oh
MMPC

Categories: Uncategorized Tags:

MS16-JUN – Microsoft Security Bulletin Summary for June 2016 – Version: 2.0

Revision Note: V2.0 (June 16, 2016): Bulletin Summary revised to document the out-of-band release of MS16-083.
Summary: This bulletin summary lists security bulletins released for June 2016.

Categories: Uncategorized Tags:

MS16-083 – Critical: Security Update for Adobe Flash Player (3167685) – Version: 1.0

Severity Rating: Critical
Revision Note: V1.0 (June 16, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.

Categories: Uncategorized Tags:


MS16-074 – Important: Security Update for Microsoft Graphics Component (3164036) – Version: 1.1

Severity Rating: Important
Revision Note: V1.1 (June 15, 2016): Revised the Executive Summary to correct the attack vector description. This is an informational change only.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if a user opens a specially crafted application.

Categories: Uncategorized Tags:


MS16-JUN – Microsoft Security Bulletin Summary for June 2016 – Version: 1.1

Revision Note: V1.1 (June 15, 2016): For MS16-072, added a Known Issue to the Executive Summaries table. The updates in MS16-072 change the security context with which user group policies are retrieved. For more information about this by-design behavior change, see Microsoft Knowledge Base Article 3163622. For MS16-074, revised the Executive Summary to correct the attack vector description. This is an informational change only.
Summary: This bulletin summary lists security bulletins released for June 2016.

Categories: Uncategorized Tags: