Microsoft fixed vulnerabilities in Windows
Microsoft fixed serious vulnerabilities in Windows by releasing 16 updates. Five of these updates have Critical status. As part of MS16-063, the Internet Explorer 9-11 web browser was updated, with ten vulnerabilities fixed. Most of the fixed vulnerabilities are of the Remote Code Execution (RCE) type and can be used to remotely execute code in the web browser through a specially crafted web page. A restart is required to apply the update.
The Critical update MS16-071 fixes a dangerous RCE vulnerability, CVE-2016-3227, in the Windows DNS service (Dns.exe) on Windows Server 2012. The vulnerability can be exploited with a specially crafted DNS query sent to the server. If exploitation succeeds, the attacker obtains high Local System privileges in Windows. As part of MS16-073, the win32k.sys GUI driver was also updated to close two LPE vulnerabilities that attackers could use to run their code in kernel mode without authorization.
Update MS16-063 fixes ten vulnerabilities in Internet Explorer 9-11, most of which are of the RCE type. Such vulnerabilities can be exploited with a specially crafted web page that allows remote code execution in the web browser. Critical.
The MS16-068 update fixes eight similar RCE vulnerabilities in the Edge web browser. Two Information Disclosure vulnerabilities, CVE-2016-3201 and CVE-2016-3215, are present in the component for viewing PDF files; with them an attacker can gain unauthorized access to user information. Critical.
Update MS16-069 fixes three RCE vulnerabilities, CVE-2016-3205, CVE-2016-3206 and CVE-2016-3207, in the VBScript Scripting Engine (VBScript.dll) and JavaScript (JScript.dll) engines. The vulnerabilities can be exploited through malicious content when the Internet Explorer web browser is used. Critical.
The MS16-070 update fixes vulnerabilities in Microsoft Office 2007+. CVE-2016-0025 is an RCE vulnerability that can be used for remote code execution with a specially crafted Office Word file in MS Word. Another vulnerability, CVE-2016-3235, is called Office OLE DLL Side Loading and allows an attacker to load their own dynamic library into the context of the Office process. Critical.
Update MS16-071 fixes the severe RCE vulnerability CVE-2016-3227 in the DNS server service (dns.exe) on Windows Server 2012 and Windows Server 2012 R2. Attackers can remotely execute code on a server with high Local System rights by sending a specially crafted DNS query. The privileges obtained may allow the exploit code to load kernel-mode code into Windows. Critical.
Update MS16-072 fixes the important Elevation of Privilege vulnerability CVE-2016-3223 in the Group Policy component on Windows Vista+. Using this vulnerability, an attacker can elevate their privileges in the system through a man-in-the-middle (MiTM) attack against traffic between the domain controller and the victim's machine. The attacker gains the right to create a group policy that grants administrator rights to a standard user (Elevation of Privilege). Important.
Update MS16-073 fixes important vulnerabilities in Windows system components. Two vulnerabilities, CVE-2016-3218 and CVE-2016-3221, are present in the win32k.sys driver on Windows Vista+. Another vulnerability, of the Information Disclosure type, is present in the Windows Virtual PCI system driver (Vpcivsp.sys) on Windows Server 2012. It allows an attacker to gain access to memory contents that they have no legitimate access to. The vulnerabilities in win32k.sys allow an attacker to execute their code with the maximum SYSTEM privileges in the system. Important.
Update MS16-074 fixes vulnerabilities in various components of Windows. An Information Disclosure vulnerability, CVE-2016-3216, is present in the Windows Graphics component (Gdi32.dll) on Windows Vista+ and allows an attacker to bypass the ASLR defense mechanism. An LPE vulnerability, CVE-2016-3219, is present in the win32k.sys driver on Windows 10 and allows an attacker to run malicious code with SYSTEM rights. Another LPE vulnerability, CVE-2016-3220, is present in the well-known Adobe Type Manager Library (atmfd.dll) on Windows Vista+. The library is used by win32k.sys, and the vulnerability allows attackers to run code on a system with maximum rights. Important.
Update MS16-075 fixes one Elevation of Privilege vulnerability in the SMB Server component on Windows Vista+. The update affects system components such as Cng.sys, Ksecpkg.sys, Mrxsmb10.sys, Mrxsmb20.sys, Mrxsmb.sys, Srvnet.sys, Srv.sys and Srv2.sys, as well as Bcryptprimitives.dll, Lsasrv.dll and others. To exploit the vulnerability, an attacker needs to run a special malicious application that will receive system privileges in Windows. To do so, the application must send a special authentication request to the SMB server, which does not correctly handle credential forwarding requests. Important.
Update MS16-076 fixes one RCE vulnerability, CVE-2016-3228, in the Windows Netlogon component (Wdigest.dll, files from MS16-075) on Windows Server 2008 and Windows Server 2012. After successfully authenticating in the domain, the attacker can send a specially crafted NetLogon request to the domain controller and execute their code on it. The vulnerability is marked as Important because the attacker must already have access to the corporate network (domain). Important.
The MS16-077 update fixes two LPE vulnerabilities, CVE-2016-3213 and CVE-2016-3236, in the Web Proxy Auto Discovery (WPAD) protocol component on Windows Vista+. The networking system files Netbt.sys, Mswsock.dll, Ws2_32.dll and Winhttp.dll are updated. Important.
Update MS16-078 fixes the LPE vulnerability CVE-2016-3231 in the Windows Diagnostics Hub Standard Collector service on Windows 10. The vulnerability allows an attacker to load their own library into the context of a privileged service and thereby obtain maximum system rights in Windows. Important.
The MS16-079 update fixes a number of important vulnerabilities in Microsoft Exchange Server 2007+. One vulnerability is of the Information Disclosure type, and the other three are of the Elevation of Privilege type. Important.
Update MS16-080 fixes three vulnerabilities in the Windows PDF component (Windows.data.pdf.dll, Glcndfilter.dll) on Windows 8.1+. The vulnerabilities can be exploited with a specially crafted PDF file. Two of them are of the Information Disclosure type, and the third is of the RCE type. Important.
The MS16-081 update fixes a Denial of Service vulnerability in the Active Directory service component (Ntdsai.dll) on server editions of Windows Server 2008 R2 and Windows Server 2012. An attacker could cause a server to freeze by remotely creating multiple accounts on it; the attacker must be authenticated in the domain. Important.
Update MS16-082 fixes the Denial of Service vulnerability CVE-2016-3230 in the Windows Search component (Structuredquery.dll) on Windows 7+. An attacker can cause the system to freeze by launching a special application on it. Important.
We recommend that our users install updates as soon as possible and, if you have not already done so, enable automatic delivery of updates using Windows Update (this option is enabled by default).
Be secure.