July 14, 2016 at 12:59Microsoft fixed vulnerabilities in Windows
Microsoft has released updates for its products, fixing vulnerabilities in the kernel and system components of Windows, as well as the .NET Framework and Office. A total of 49 vulnerabilities are subject to correction within 6 critical and 5 important updates. One of the important updates MS16-090 fixes six vulnerabilities in the notorious Windows GUI driver - win32k.sys. Vulnerabilities are of the type Local Privilege Escalation (LPE) and can be used by attackers to raise their rights in the system to the SYSTEM level, which will allow unauthorized execution of code directly in kernel mode. The update is relevant for Windows Vista +.
Another major update is MS16-094fixes a Security Feature Bypass (SFB) vulnerability with identifier CVE-2016-3287 in a Windows security engine called Secure Boot. Secure Boot is used by Windows as a guarantee of loading legitimate UEFI code at the very early stage of system boot, which guarantees the user the absence of any malicious code that can be launched even before the OS boots. Using the vulnerability, an attacker can also disable the verification settings in the driver’s digital signature system, which can be used to load drivers with a test digital signature into the memory. The hotfix is relevant for Windows 8.1+.
Update MS16-084 исправляет критические RCE-уязвимости во всех поддерживаемых версиях веб-браузера Internet Explorer 9-11 на Windows Vista+. Эксплуатация уязвимостей возможна с использованием специальным образом сформированной веб-страницы, при этом пользователю нужно открыть веб-страницу в веб-браузере. Critical.
Обновление MS16-085 исправляет критические RCE-уязвимости в веб-браузере Edge на Windows 10. Как и в предыдущем случае, эксплуатация уязвимостей возможна с использованием специальным образом сформированной веб-страницы. Critical.
Обновление MS16-086fixes two critical RCE vulnerabilities in the VBScript.dll and JScript.dll engines with identifiers CVE-2016-3204 and CVE-2016-3204. Using malicious content, attackers can remotely execute the code they need on the Internet Explorer and Edge web browsers, which use these libraries for VBScript and JavaScript content. Critical.
Update MS16-087fixes two critical vulnerabilities with identifiers CVE-2016-3238 and CVE-2016-3239 in the print spooler component on Windows Vista +. The first vulnerability is of the Remote Code Execution type and can be used by attackers to remotely execute code provided that they have the opportunity to conduct a MitM attack on the network, the second is of the Local Privelege Escalation type and can be used to obtain SYSTEM rights. Remote code execution is possible both on the vulnerable client and on the print server, the attacker can also create a fake printer on the network. The following system files are subject to updating: Localspl.dll, Winprint.dll, Ntprint.dll and other Critical.
Update MS16-088fixes various vulnerabilities in MS Office 2007+, most of which are of the RCE type. These vulnerabilities provide an attacker with the ability to remotely execute code on a system with a vulnerable version of Office using a specially crafted file. One of the vulnerabilities with the identifier CVE-2016-3279 is of the Security Feature Bypass (SFB) type and can be used by attackers to bypass the Protected View mode of Office. This mode is used by Office when opening potentially malicious objects received from the Internet and disables any privileges for the running application process. Critical.
Update MS16-089fixes the vulnerability CVE-2016-3256 of the Information Disclosure type in the Secure Kernel Mode component on Windows 10. The vulnerability could be used by attackers to unauthorizedly obtain private information about the system. Important
The MS16-090 update fixes six vulnerabilities in the win32k.sys driver on Windows Vista +. Five of these vulnerabilities are of the LPE type and allow attackers to elevate their privileges in the system to the SYSTEM level by locally launching an exploit in the system. The vulnerability with the identifier CVE-2016-3251 is of the type Information Disclosure and allows attackers to reveal important addresses in the system virtual address space. Important
Update MS16-091fixes one Information Disclosure vulnerability with identifier CVE-2016-3255 in the .NET Framework 2.0+ on Windows Vista +. The vulnerability is present in the so-called XML input processing code. An XML External Entity (XXE) parser that incorrectly processes certain values, which can be used by attackers to read any file in the system. To exploit the attack, attackers need to create a specially crafted XML file and upload it to a web application. Important
Update MS16-092fixes two vulnerabilities in the kernel of Windows 8.1+. The first vulnerability with the identifier CVE-2016-3258 is of the SFB type and can be used by attackers to modify files that are not accessible to the low-access exploit application in the system. This is achieved through an attack of the time of check time of use (TOCTOU) type when the kernel checks file paths. The second vulnerability with identifier CVE-2016-3272 is of type Information Disclosure and is present in the kernel code, which is responsible for handling the page fault exception (page error). An attacker gaining access to the system can thus gain access to the memory of another process. The Windows bootloader - Winload.efi, the kernel Ntoskrnl.exe, as well as Ntdll.dll, Winresume.efi, etc. are subject to updating.
Update MS16-093delivers an updated version of Adobe Flash Player, which is used by IE and Edge web browsers ( APSB16-25 ).
The MS16-094 update fixes one SFB vulnerability with identifier CVE-2016-3287 in the Secure Boot security engine. Using this vulnerability, attackers can bypass the Secure Boot firmware boot security setting and also disable the digital signature verification of drivers and kernel mode components in the system. Various system files can be updated for different versions of Windows, including the Winload.efi bootloader, the Code Integrity Module cryptographic library (ci.dll), and other system files. Important
We recommend that our users install updates as soon as possible and, if you have not already done so, enable automatic delivery of updates using Windows Update (this option is enabled by default).
be secure.
Another major update is MS16-094fixes a Security Feature Bypass (SFB) vulnerability with identifier CVE-2016-3287 in a Windows security engine called Secure Boot. Secure Boot is used by Windows as a guarantee of loading legitimate UEFI code at the very early stage of system boot, which guarantees the user the absence of any malicious code that can be launched even before the OS boots. Using the vulnerability, an attacker can also disable the verification settings in the driver’s digital signature system, which can be used to load drivers with a test digital signature into the memory. The hotfix is relevant for Windows 8.1+.
Update MS16-084 исправляет критические RCE-уязвимости во всех поддерживаемых версиях веб-браузера Internet Explorer 9-11 на Windows Vista+. Эксплуатация уязвимостей возможна с использованием специальным образом сформированной веб-страницы, при этом пользователю нужно открыть веб-страницу в веб-браузере. Critical.
Обновление MS16-085 исправляет критические RCE-уязвимости в веб-браузере Edge на Windows 10. Как и в предыдущем случае, эксплуатация уязвимостей возможна с использованием специальным образом сформированной веб-страницы. Critical.
Обновление MS16-086fixes two critical RCE vulnerabilities in the VBScript.dll and JScript.dll engines with identifiers CVE-2016-3204 and CVE-2016-3204. Using malicious content, attackers can remotely execute the code they need on the Internet Explorer and Edge web browsers, which use these libraries for VBScript and JavaScript content. Critical.
Update MS16-087fixes two critical vulnerabilities with identifiers CVE-2016-3238 and CVE-2016-3239 in the print spooler component on Windows Vista +. The first vulnerability is of the Remote Code Execution type and can be used by attackers to remotely execute code provided that they have the opportunity to conduct a MitM attack on the network, the second is of the Local Privelege Escalation type and can be used to obtain SYSTEM rights. Remote code execution is possible both on the vulnerable client and on the print server, the attacker can also create a fake printer on the network. The following system files are subject to updating: Localspl.dll, Winprint.dll, Ntprint.dll and other Critical.
Update MS16-088fixes various vulnerabilities in MS Office 2007+, most of which are of the RCE type. These vulnerabilities provide an attacker with the ability to remotely execute code on a system with a vulnerable version of Office using a specially crafted file. One of the vulnerabilities with the identifier CVE-2016-3279 is of the Security Feature Bypass (SFB) type and can be used by attackers to bypass the Protected View mode of Office. This mode is used by Office when opening potentially malicious objects received from the Internet and disables any privileges for the running application process. Critical.
Update MS16-089fixes the vulnerability CVE-2016-3256 of the Information Disclosure type in the Secure Kernel Mode component on Windows 10. The vulnerability could be used by attackers to unauthorizedly obtain private information about the system. Important
The MS16-090 update fixes six vulnerabilities in the win32k.sys driver on Windows Vista +. Five of these vulnerabilities are of the LPE type and allow attackers to elevate their privileges in the system to the SYSTEM level by locally launching an exploit in the system. The vulnerability with the identifier CVE-2016-3251 is of the type Information Disclosure and allows attackers to reveal important addresses in the system virtual address space. Important
Update MS16-091fixes one Information Disclosure vulnerability with identifier CVE-2016-3255 in the .NET Framework 2.0+ on Windows Vista +. The vulnerability is present in the so-called XML input processing code. An XML External Entity (XXE) parser that incorrectly processes certain values, which can be used by attackers to read any file in the system. To exploit the attack, attackers need to create a specially crafted XML file and upload it to a web application. Important
Update MS16-092fixes two vulnerabilities in the kernel of Windows 8.1+. The first vulnerability with the identifier CVE-2016-3258 is of the SFB type and can be used by attackers to modify files that are not accessible to the low-access exploit application in the system. This is achieved through an attack of the time of check time of use (TOCTOU) type when the kernel checks file paths. The second vulnerability with identifier CVE-2016-3272 is of type Information Disclosure and is present in the kernel code, which is responsible for handling the page fault exception (page error). An attacker gaining access to the system can thus gain access to the memory of another process. The Windows bootloader - Winload.efi, the kernel Ntoskrnl.exe, as well as Ntdll.dll, Winresume.efi, etc. are subject to updating.
Update MS16-093delivers an updated version of Adobe Flash Player, which is used by IE and Edge web browsers ( APSB16-25 ).
The MS16-094 update fixes one SFB vulnerability with identifier CVE-2016-3287 in the Secure Boot security engine. Using this vulnerability, attackers can bypass the Secure Boot firmware boot security setting and also disable the digital signature verification of drivers and kernel mode components in the system. Various system files can be updated for different versions of Windows, including the Winload.efi bootloader, the Code Integrity Module cryptographic library (ci.dll), and other system files. Important
We recommend that our users install updates as soon as possible and, if you have not already done so, enable automatic delivery of updates using Windows Update (this option is enabled by default).
be secure.