Hello everyone,

 

This is Kelly Housman with the Microsoft Patch Tuesday newsletter for January 2016.

 

Welcome to the January Patch Tuesday update. This month Microsoft released a total of nine (9) new security bulletins. Six (6) of these are rated Critical, which Microsoft terms as a vulnerability whose exploitation could allow remote code execution. These are the types of vulnerabilities that system administrators are usually the most concerned about and attempt to patch as quickly as possible. The other three (3) are rated Important.

 

Clarification of the Intel Security Coverage column in the table below

Some Microsoft bulletins include multiple vulnerabilities. The Covered Products and Under Analysis sections will list Intel Security products for *any* of the vulnerabilities included in the Microsoft bulletin. You may see an Intel Security product listed in both sections, which would indicate that it is Covered for one of the vulnerabilities in the bulletin and Under Analysis for one of the other vulnerabilities. The details for each individual vulnerability are provided in the McAfee Labs Security Advisory Number.

 

This month’s patches include the following: 

 

| Bulletin Number | KB Number | Title | Bulletin Rating | Vulnerability Impact | McAfee Labs Security Advisory Number | Intel Security Coverage |
|---|---|---|---|---|---|---|
| MS16-001 | 3124903 | Cumulative Security Update for Internet Explorer | Important / Critical | Memory Corruption & Elevation of Privileges | MTIS16-005 | Covered Products: Vulnerability Mgr., BOP, Host IPS, NSP, Application Control; Under Analysis: Firewall Enterprise |
| MS16-002 | 3124904 | Cumulative Security Update for Microsoft Edge | Critical | Memory Corruption | MTIS16-005 | Covered Products: Vulnerability Mgr., BOP, Host IPS, NSP, Application Control; Under Analysis: Firewall Enterprise |
| MS16-003 | 3125540 | Cumulative Security Update for JScript and VBScript | Critical | Remote Code Execution | MTIS16-005 | Covered Products: Vulnerability Mgr., BOP, Host IPS, NSP, Application Control; Under Analysis: Firewall Enterprise |
| MS16-004 | 3124585 | Security Update for Microsoft Office | Critical | Remote Code Execution / ASLR Security Bypass | MTIS16-005 | Covered Products: Vulnerability Mgr., BOP, Host IPS, NSP, Application Control; Under Analysis: Firewall Enterprise, DAT, Web Gateway |
| MS16-005 | 3124584 | Security Update for Windows Kernel-Mode Drivers | Critical | Remote Code Execution | MTIS16-005 | Covered Products: Vulnerability Mgr., Host IPS, NSP; Under Analysis: Firewall Enterprise |
| MS16-006 | 3126036 | Security Update for Silverlight | Critical | Remote Code Execution | MTIS16-005 | Covered Products: Vulnerability Mgr., BOP, Host IPS, NSP, Application Control; Under Analysis: Firewall Enterprise |
| MS16-007 | 3124901 | Security Update for Microsoft Windows | Important | Remote Code Execution | MTIS16-005 | Covered Products: Vulnerability Mgr., BOP, NSP, Host IPS, Application Control; Under Analysis: Firewall Enterprise |
| MS16-008 | 3124605 | Security Update for Kernel | Important | Elevation of Privilege | MTIS16-005 | Covered Products: Vulnerability Mgr., NSP; Under Analysis: Firewall Enterprise |
| MS16-010 | 3124557 | Security Update for Exchange server | Important | Spoofing Vulnerability | MTIS16-005 | Covered Products: Vulnerability Mgr.; Under Analysis: Firewall Enterprise |



 

 

Let’s take a closer look at each of the Microsoft Security Bulletins:


MS16-001 (CVE-2016-0002 and 0005)

  This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

  This security update is rated Critical for Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers.

 

  • The security update addresses the vulnerabilities by:
    • Modifying how VBScript handles objects in memory
    • Helping to ensure that cross-domain policies are properly enforced in Internet Explorer


MS16-002 (CVE-2016-0003 and 00024)

  This security update resolves vulnerabilities in Microsoft Edge. The vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. This security update is rated Critical for Microsoft Edge on Windows 10. The update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.


MS16-003 (CVE-2016-0002)
This security update resolves a vulnerability in the VBScript scripting engine in Microsoft Windows. The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system.

 

This security update is rated Critical for affected versions of the VBScript scripting engine on supported editions of Windows Vista, Windows Server 2008, and Server Core installations of Windows Server 2008 R2.

 

MS16-004 (CVE-2016-6117, 0010, 0011, 0012, and 0035)

This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user.

 

  • The security update addresses the vulnerabilities by:
    • Correcting how Microsoft Office handles objects in memory
    • Ensuring that Microsoft SharePoint correctly enforces ACP configuration settings
    • Helping to ensure that Microsoft Office properly implements the ASLR security feature

 

MS16-005 (CVE-2016-0008 and 0009)

This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if a user visits a malicious website.

This security update is rated Critical for all supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2; it is rated Important for all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows 10 Version 1511.

 

MS16-006 (CVE-2016-0034)

  This security update resolves a vulnerability in Microsoft Silverlight. The vulnerability could allow remote code execution if a user visits a compromised website that contains a specially crafted Silverlight application. An attacker would have no way to force users to visit a compromised website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email or instant message that takes users to the attacker's website.

This security update is rated Critical for Microsoft Silverlight 5 and Microsoft Silverlight 5 Developer Runtime when installed on Mac or all supported releases of Microsoft Windows.

 

MS16-007 (CVE-2016-0014, 0015, 0016, 0018, 0019, and 0020)

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker is able to log on to a target system and run a specially crafted application.

 

MS16-008 (CVE-2016-0006 and 0007)

This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. This security update is rated Important for all supported releases of Microsoft Windows.


MS16-010 (CVE-2016-0029 thru 0032)

  This security update resolves vulnerabilities in Microsoft Exchange Server. The most severe of the vulnerabilities could allow spoofing if Outlook Web Access (OWA) fails to properly handle web requests, and sanitize user input and email content. This security update is rated Important for all supported editions of Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016.

 


NOTE: A bit of clarification might be in order here. Readers may wonder why we don’t often mention McAfee VirusScan or other technologies as mitigations for these vulnerabilities. The industry generally describes a security vulnerability as an unintentional coding or design flaw in software that may leave it potentially open to exploitation. While there may be some forms of defense against any given vulnerability being exploited, in some cases the only way to truly mitigate the issue is to patch the vulnerable software. Since our focus here is on Microsoft Security Bulletins, it might be useful to read the Microsoft Security Response Center’s definition of a security vulnerability.

 

Memory Corruption Vulnerabilities:

  Intel Security is seeing many Memory Corruption Remote Code Execution vulnerabilities that affect a large number of products…not just those from Microsoft. This is an area where customers can see immediate value when using McAfee Host Intrusion Prevention. For example, by enabling protection and applying the Default IPS (Intrusion Prevention System) Rules policy, we have demonstrated that 90 percent or more of the Microsoft vulnerabilities listed in Patch Tuesday updates were shielded using this out-of-the-box basic protection level.

 

Further research is being performed 24/7 by McAfee Labs, and coverage may improve as additional results come in. As more details become available, you’ll find them on the McAfee Threat Center. You might also be interested in subscribing to McAfee Labs Security Advisories, where you can get real-time updates via email.


The McAfee Labs Security Advisories can be found on the McAfee Labs Security Advisories Community site.


Finally, these briefings are archived on the McAfee Community site.

 

For additional useful security information, please make note of the following links:

 

You can also review the Microsoft Summary for December 2015 at the Microsoft site.

 

Safe Computing!

Thank you,

  Kelly Housman