Archive

Archive for December, 2016

MS16-148 – Critical: Security Update for Microsoft Office (3204068) – Version: 1.1

Severity Rating: Critical
Revision Note: V1.1 (December 21, 2016): Revised bulletin to correct a CVE ID. CVE-2016-7298 has been changed to CVE-2016-7274, and the vulnerability information has been updated. This is an informational change only. Customers who have successfully installed the updates do not need to take any further action.
Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Categories: Uncategorized Tags:

MS16-DEC – Microsoft Security Bulletin Summary for December 2016 – Version: 1.2

Categories: Uncategorized Tags:

MS16-DEC – Microsoft Security Bulletin Summary for December 2016 – Version: 1.2

Categories: Uncategorized Tags:

MS16-DEC – Microsoft Security Bulletin Summary for December 2016 – Version: 1.1

Categories: Uncategorized Tags:

MS16-148 – Critical: Security Update for Microsoft Office (3204068) – Version: 1.1

Severity Rating: Critical
Revision Note: V1.1 (December 21, 2016): Revised bulletin to correct a CVE ID. CVE-2016-7298 has been changed to CVE-2016-7274, and the vulnerability information has been updated. This is an informational change only. Customers who have successfully installed the updates do not need to take any further action.
Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Categories: Uncategorized Tags:

MS16-155 – Important: Security Update for .NET Framework (3205640) – Version: 2.0

Severity Rating: Important
Revision Note: V2.0 (December 19, 2016):
Summary: This security update resolves a vulnerability in Microsoft .NET 4.6.2 Framework’s Data Provider for SQL Server. A security vulnerability exists in Microsoft .NET Framework 4.6.2 that could allow an attacker to access information that is defended by the Always Encrypted feature.

Categories: Uncategorized Tags:

MS16-155 – Important: Security Update for .NET Framework (3205640) – Version: 2.0

Severity Rating: Important
Revision Note: V2.0 (December 19, 2016):
Summary: This security update resolves a vulnerability in Microsoft .NET 4.6.2 Framework’s Data Provider for SQL Server. A security vulnerability exists in Microsoft .NET Framework 4.6.2 that could allow an attacker to access information that is defended by the Always Encrypted feature.

Categories: Uncategorized Tags:

Microsoft Security Intelligence Report Volume 21 is now available

The latest volume of the Microsoft Security Intelligence Report is now available for free download at www.microsoft.com/sir.

This new volume of the report includes threat data from the first half of 2016 as well as longer term trend data on industry vulnerabilities, exploits, malware, and malicious websites. The report also provides specific threat data for over 100 countries/regions.

Our Featured Intelligence content for this volume of the report includes three deep dive sections:

Protecting cloud infrastructure; detecting and mitigating threats using Azure Security Center:
As organizations move workloads to cloud-based services it is important that security teams keep abreast of changes in their threat posture. New threats can be encountered when adopting solutions that are fully cloud based, or when connecting on-premises environments to cloud services. This section of the report details common threats that organizations may encounter, and explains how security teams can use Azure Security Center to protect, detect, and respond to security threats against Azure cloud-based resources.

PROMETHIUM and NEODYMIUM: parallel zero-day attacks targeting individuals in Europe:
Microsoft proactively monitors the threat landscape for emerging threats, including observing the activities of targeted activity groups. The new report chronicles two activity groups, code-named PROMETHIUM and NEODYMIUM, both of which target individuals in a specific area of Europe. Both attack groups launched attack campaigns in May 2016 using the same zero-day exploit to seek information about specific individuals. Microsoft is sharing information about these groups to raise awareness of their activities, and to help individuals and organizations implement existing mitigation options that significantly reduce risk from these attack groups and other similar groups.

Ten years of exploits: a long-term study of exploitation of vulnerabilities in Microsoft software:
Microsoft researchers conducted a study of security vulnerabilities and the exploitation of the most severe vulnerabilities in Microsoft software over a 10-year period ending in 2015. In the past five years vulnerability disclosures have increased across the entire industry. However, the number of remote code execution (RCE) and elevation of privilege (EOP) vulnerabilities in Microsoft software has declined significantly. The results of the study suggest that while the risk posed by vulnerabilities appeared to increase in recent years, the actualized risk of exploited vulnerabilities in Microsoft software has steadily declined.

There is a lot of other new data in this report that I hope you’ll find useful.

You can download Volume 21 of the Microsoft Security Intelligence Report at www.microsoft.com/sir.

Ken Malcolmson
Executive Security Advisor, Microsoft Enterprise Cybersecurity Group

MS16-137 – Important: Security Update for Windows Authentication Methods (3199173) – Version: 2.0

Severity Rating: Important
Revision Note: V2.0 (December 13, 2016): Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates.Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867.Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868.Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876.Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873.Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.
Summary: This security update resolves multiple vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege. To exploit this vulnerability, the attacker would first need to authenticate to the target, domain-joined system using valid user credentials. An attacker who successfully exploited this vulnerability could elevate their permissions from unprivileged user account to administrator.

Categories: Uncategorized Tags:

MS16-140 – Important: Security Update for Boot Manager (3193479) – Version: 2.0

Severity Rating: Important
Revision Note: V2.0 (December 13, 2016): Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates.Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867.Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868.Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876.Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873.Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker installs an affected boot policy and bypasses Windows security features.

Categories: Uncategorized Tags:

MS16-151 – Important: Security Update for Windows Kernel-Mode Drivers (3205651) – Version: 1.0

Severity Rating: Important
Revision Note: V1.0 (December 13, 2016): Bulletin published
Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

Categories: Uncategorized Tags:

MS16-126 – Moderate: Security Update for Microsoft Internet Messaging API (3196067) – Version: 2.0

Severity Rating: Moderate
Revision Note: V2.0 (December 13, 2016): Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the October Security Only updates. – Security Only update 3192391 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3192391. – Security Only update 3192393 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3192393 – Security Only update 3192392 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3192392. These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker successfully convinces a user of an affected system to visit a malicious or compromised website. Note that you must install two updates to be protected from the vulnerability discussed in this bulletin: The update in this bulletin, MS16-126, and the update in MS16-118.

Categories: Uncategorized Tags:

MS16-147 – Critical: Security Update for Microsoft Uniscribe (3204063) – Version: 1.0

Severity Rating: Critical
Revision Note: V1.0 (December 13, 2016): Bulletin published.
Summary: This security update resolves a vulnerability in Windows Uniscribe. The vulnerability could allow remote code execution if a user visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update addresses the vulnerabilities by correcting how the Windows Uniscribe handles objects in the memory.

Categories: Uncategorized Tags:

MS16-138 – Important: Security Update for Microsoft Virtual Hard Disk Driver (3199647) – Version: 2.0

Severity Rating: Important
Revision Note: V2.0 (December 13, 2016): Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates.Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867.Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868.Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876.Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873.Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.
Summary: The Windows Virtual Hard Disk Driver improperly handles user access to certain files. An attacker can manipulate files in locations not intended to be available to the user by exploiting this vulnerability.

Categories: Uncategorized Tags:

MS16-144 – Critical: Cumulative Security Update for Internet Explorer (3204059) – Version: 1.0

Severity Rating: Critical
Revision Note: V1.0 (December 13, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Categories: Uncategorized Tags:

MS16-135 – Important: Security Update for Windows Kernel-Mode Drivers (3199135) – Version: 2.0

Severity Rating: Important
Revision Note: V2.0 (December 13, 2016): Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates.Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867.Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868.Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876.Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873.Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

Categories: Uncategorized Tags:

MS16-152 – Important: Security Update for Windows Kernel (3199709) – Version: 1.0

Severity Rating: Important
Revision Note: V1.0 (December 13, 2016): Bulletin published.
Summary: The security update addresses the vulnerability by helping to ensure the kernel API correctly enforces access controls applied to this information. This security update resolves a vulnerability in Microsoft Windows. An information disclosure vulnerability exists when the Windows Kernel improperly handles objects in memory.

Categories: Uncategorized Tags:

MS16-132 – Critical: Security Update for Microsoft Graphics Component (3199120) – Version: 2.0

Severity Rating: Critical
Revision Note: V2.0 (December 13, 2016): Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates.Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867.Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868.Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876.Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873.Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe being of the vulnerabilities could allow a remote code execution vulnerability exists when the Windows Animation Manager improperly handles objects in memory if a user visits a malicious webpage. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. This security update is rated Critical for all supported releases of Microsoft Windows. For more information, see the Affected Software and Vulnerability Severity Ratings section.

Categories: Uncategorized Tags:

MS16-155 – Important: Security Update for .NET Framework (3205640) – Version: 1.0

Severity Rating: Important
Revision Note: V1.0 (December 13, 2016):
Summary: This security update resolves a vulnerability in Microsoft .NET 4.6.2 Framework’s Data Provider for SQL Server. A security vulnerability exists in Microsoft .NET Framework 4.6.2 that could allow an attacker to access information that is defended by the Always Encrypted feature.

Categories: Uncategorized Tags:

MS16-130 – Critical: Security Update for Microsoft Windows (3199172) – Version: 2.0

Severity Rating: Critical
Revision Note: V2.0 (December 13, 2016): Revised bulletin to announce the following updates have been rereleased with a detection change that addresses a supersedence issue that certain customers experienced when attempting to install the November Security Only updates.Security Only update 3197867 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197867.Monthly Rollup 3197868 for all supported releases of Windows 7 and Windows Server 2008 R2. For more information, see Microsoft Knowledge Base Article 3197868.Security Only update 3197876 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197876.Monthly Rollup 3197877 for Windows Server 2012. For more information, see Microsoft Knowledge Base Article 3197877. Security Only update 3197873 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197873.Monthly Rollup 3197874 for Windows 8.1 and Windows Server 2012 R2. For more information, see Microsoft Knowledge Base Article 3197874.These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if a locally authenticated attacker runs a specially crafted application.

Categories: Uncategorized Tags: