Hello everyone,

This is Kelly Housman with the Microsoft Patch Tuesday newsletter for August 8, 2016.

 

Welcome to the August Patch Tuesday update. This was a lighter-than-average month: Microsoft released a total of nine (9) new security bulletins. Five (5) of these are rated Critical, the type of vulnerability that system administrators are usually most concerned about and attempt to patch as quickly as possible. The remaining four (4) are rated Important.

 

Clarification of the Intel Security Coverage column in the table below

Some Microsoft bulletins include multiple vulnerabilities. The Covered Products and Under Analysis sections will list Intel Security products for *any* of the vulnerabilities included in the Microsoft bulletin. You may see an Intel Security product listed in both sections, which would indicate that it is Covered for one of the vulnerabilities in the bulletin and Under Analysis for one of the other vulnerabilities. The details for each individual vulnerability are provided in the McAfee Labs Security Advisory Number.

 

This month’s patches include the following:

| Bulletin Number | KB Number | Title | Bulletin Rating (highest) | Vulnerability Impact | McAfee Labs Security Advisory Number | Intel Security Coverage |
|---|---|---|---|---|---|---|
| MS16-095 | 3177356 | Cumulative Security Update for Internet Explorer | Critical | Memory Corruption; Information Disclosure | MTIS16-047 | Covered Products: NSP, Application Control, BOP, Host IPS, Vulnerability Manager. Under Analysis: Web Gateway, DAT, Firewall Enterprise |
| MS16-096 | 3177358 | Cumulative Security Update for Microsoft Edge | Critical | Memory Corruption; Information Disclosure; PDF Remote Code Execution Vulnerability | MTIS16-047 | Covered Products: NSP, Application Control, Vulnerability Manager. Under Analysis: Web Gateway, DAT, Firewall Enterprise |
| MS16-097 | 3177393 | Security Update for Microsoft Graphics Component | Critical | Remote Code Execution | MTIS16-047 | Covered Products: Application Control, BOP, Host IPS, NSP, Vulnerability Manager. Under Analysis: Firewall Enterprise |
| MS16-098 | 3178466 | Security Update for Kernel-Mode Drivers | Important | Elevation of Privilege | MTIS16-047 | Covered Products: NSP, Host IPS. Under Analysis: Web Gateway, DAT, Firewall Enterprise |
| MS16-099 | 3177451 | Security Update for Office | Important | Memory Corruption; Information Disclosure | MTIS16-048 | Covered Products: NSP, Application Control, BOP, Host IPS, Vulnerability Manager. Under Analysis: Firewall Enterprise, DAT, Web Gateway |
| MS16-100 | 3179577 | Security Update for Secure Boot | Important | Security Bypass | MTIS16-048 | Covered Products: Vulnerability Manager. Under Analysis: Firewall Enterprise, DAT, Web Gateway |
| MS16-101 | 3178465 | Security Update for Windows Authentication Methods | Critical | Elevation of Privilege | MTIS16-048 | Covered Products: Vulnerability Manager. Under Analysis: Firewall Enterprise, DAT, Web Gateway |
| MS16-102 | 3182248 | Security Update for Microsoft Windows PDF Library | Critical | Remote Code Execution | MTIS16-048 | Covered Products: BOP, Host IPS, NSP, Vulnerability Manager. Under Analysis: Firewall Enterprise |
| MS16-103 | 3182332 | Security Update for ActiveSync Provider | Important | Information Disclosure | MTIS16-048 | Covered Products: Vulnerability Manager. Under Analysis: Firewall Enterprise, DAT, Web Gateway |

 

Let’s take a closer look at each of the Microsoft Security Bulletins:

 

MS16-095 (CVE-2016-3288, 3289, 3290, 3293, 3321, 3322, 3326, 3327, and 3329)

The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

This security update is rated Critical for Internet Explorer 9 (IE 9) and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers.

The update addresses the vulnerabilities by modifying how Internet Explorer and certain functions handle objects in memory.

MS16-096 (CVE-2016-3289, 3293, 3296, 3319, 3322, 3326, 3327, and 3329)

The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.

This security update is rated Critical for Microsoft Edge on Windows 10.

The update addresses the vulnerabilities by:

  • Modifying how Microsoft Edge handles objects in memory
  • Modifying how the Chakra JavaScript scripting engine handles objects in memory

MS16-097 (CVE-2016-3301, 3303, and 3304)

This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, and Microsoft Lync. The vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

This security update is rated Critical for:

  • All supported releases of Microsoft Windows
  • Affected editions of Microsoft Office 2007 and Microsoft Office 2010
  • Affected editions of Skype for Business 2016, Microsoft Lync 2013, and Microsoft Lync 2010

The security update addresses the vulnerabilities by correcting how the Windows font library handles embedded fonts.

MS16-098 (CVE-2016-3308, 3309, 3310, and 3311)

The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

The security update addresses the vulnerabilities by correcting how the Windows kernel-mode driver handles objects in memory.

MS16-099 (CVE-2016-3313, 3315, 3316, 3317, and 3318)

The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

The security update addresses the vulnerabilities by correcting how affected versions of Office and Office components handle objects in memory.

 

MS16-100 (CVE-2016-3320)

The vulnerability could allow security feature bypass if an attacker installs an affected boot manager and bypasses Windows security features.

This security update is rated Important for all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.

The security update addresses the vulnerability by blacklisting affected boot managers.

 

MS16-101 (CVE-2016-3237 and 3300)

The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application on a domain-joined system.

This security update is rated Important for all supported releases of Microsoft Windows.

The update addresses the vulnerabilities by modifying how Windows authentication methods handle the establishment of secure channels.


MS16-102 (CVE-2016-3319)

The vulnerability could allow remote code execution if a user views specially crafted PDF content online or opens a specially crafted PDF document. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

This security update is rated Critical for all supported editions of Windows 8.1, Windows Server 2012, Windows RT 8.1, Windows Server 2012 R2, and Windows 10.

The update addresses the vulnerability by correcting how affected systems handle objects in memory.

 

MS16-103 (CVE-2016-3312)

The vulnerability could allow information disclosure when Universal Outlook fails to establish a secure connection.

This security update is rated Important for all supported editions of Windows 10.

The update addresses the vulnerability by preventing Universal Outlook from disclosing usernames and passwords.

 

 

 

NOTE: A bit of clarification might be in order here. Readers may wonder why we don’t often mention McAfee VirusScan or other technologies as mitigations for these vulnerabilities. The industry generally describes a security vulnerability as an unintentional coding or design flaw in software that may leave it potentially open to exploitation. While there may be some forms of defense against any given vulnerability being exploited, in some cases the only way to truly mitigate the issue is to patch the vulnerable software. Since our focus here is on Microsoft Security Bulletins, it might be useful to read the Microsoft Security Response Center’s definition of a security vulnerability.

 

Memory Corruption Vulnerabilities:

Intel Security is seeing many Memory Corruption Remote Code Execution vulnerabilities that affect a large number of products…not just those from Microsoft. This is an area where customers can see immediate value when using McAfee Host Intrusion Prevention. For example, by enabling protection and applying the Default IPS (Intrusion Prevention System) Rules policy, we have demonstrated that 90 percent or more of the Microsoft vulnerabilities listed in Patch Tuesday updates were shielded using this out-of-the-box basic protection level.

 

 

Further research is being performed 24/7 by McAfee Labs, and coverage may improve as additional results come in. As more details become available, you’ll find them on the McAfee Threat Center. You might also be interested in subscribing to McAfee Labs Security Advisories, where you can get real-time updates via email.

 

The McAfee Labs Security Advisories can be found on the McAfee Labs Security Advisories Community site.

 

Finally, these briefings are archived on the McAfee Community site.

 

For additional useful security information, please make note of the following links:

 

You can also review the Microsoft Summary for August 2016 at the Microsoft site.

 

Safe Computing!

Thank you,

Kelly Housman