Microsoft fixed another Stuxnet-like vulnerability in Windows
Microsoft has released a set of updates for its products that fix vulnerabilities in various components of Windows, the .NET Framework, Internet Explorer and Edge web browsers. A total of 5 updates with the status of Critical and 8 Important were published. One of the most important MS16-033 updates is to eliminate the vulnerability in the Usbstor.sys and Tsusbhub.sys drivers on all supported Windows editions. The peculiarity of the vulnerability is that it belongs to the type of so-called. Stuxnet-like vulnerabilities and allows you to execute malicious code from removable media.
Unlike the original MS10-046, the CVE-2016-0133 vulnerability is not present in the Windows Shell, but in the disk class driver, so code execution is possible only with physical access to the PC when the USB-drive is connected. In case of successful operation, the attacker gets the maximum SYSTEM rights in Windows. Previous Windows updates also fixed similar vulnerabilities: MS15-020, MS15-085.
')
The MS16-023 update fixes multiple vulnerabilities in the Internet Explorer 9-11 web browser, with which attackers can remotely execute code in the system (Remote Code Execution). Critical.
Update MS16-024 fixes RCE vulnerabilities in the Edge web browser, similar to those that were fixed for IE. Critical.
The MS16-025 update fixes the RCE vulnerability CVE-2016-0100 in the DLL loading component on Windows Server 2008 and Windows Vista (Wab32.dll, Wabimp.dll, Wab.exe). Using this vulnerability, an attacker can execute malicious code in the system, but for this to happen he must download it there. Critical.
Update MS16-026 fixes two RCE vulnerabilities with identifiers CVE-2016-0120 and CVE-2016-0121 on all supported versions of Windows. Vulnerabilities are present in the libraries of the Adobe Type Manager Library Library Atmfd.dll and Atmlib.dll and can be exploited by attackers through specially crafted font files. Critical.
Information about other updates can be found here technet.microsoft.com/library/security/ms16-mar .
We recommend that our users install updates as soon as possible and, if you have not already done so, enable automatic delivery of updates using Windows Update (this option is enabled by default).
be secure.
Unlike the original MS10-046, the CVE-2016-0133 vulnerability is not present in the Windows Shell, but in the disk class driver, so code execution is possible only with physical access to the PC when the USB-drive is connected. In case of successful operation, the attacker gets the maximum SYSTEM rights in Windows. Previous Windows updates also fixed similar vulnerabilities: MS15-020, MS15-085.
')
The MS16-023 update fixes multiple vulnerabilities in the Internet Explorer 9-11 web browser, with which attackers can remotely execute code in the system (Remote Code Execution). Critical.
Update MS16-024 fixes RCE vulnerabilities in the Edge web browser, similar to those that were fixed for IE. Critical.
The MS16-025 update fixes the RCE vulnerability CVE-2016-0100 in the DLL loading component on Windows Server 2008 and Windows Vista (Wab32.dll, Wabimp.dll, Wab.exe). Using this vulnerability, an attacker can execute malicious code in the system, but for this to happen he must download it there. Critical.
Update MS16-026 fixes two RCE vulnerabilities with identifiers CVE-2016-0120 and CVE-2016-0121 on all supported versions of Windows. Vulnerabilities are present in the libraries of the Adobe Type Manager Library Library Atmfd.dll and Atmlib.dll and can be exploited by attackers through specially crafted font files. Critical.
Information about other updates can be found here technet.microsoft.com/library/security/ms16-mar .
We recommend that our users install updates as soon as possible and, if you have not already done so, enable automatic delivery of updates using Windows Update (this option is enabled by default).
be secure.
Source: https://habr.com/ru/post/278857/
All Articles