Microsoft fixed badlock vulnerability in Windows
Microsoft has released a set of updates for its Windows, Office products, as well as the .NET Framework. Update MS16-047 fixes a known vulnerability called Badlock ( Windows SAM and LSAD Downgrade Vulnerability ) (see badlock.org ). The vulnerability received the identifier CVE-2016-0128 (Elevation of Privilege) and can be used by attackers to organize attacks like Man-in-the-middle (MitM), as well as Denial-of-Service (DoS). Vulnerability is relevant for all supported versions of Windows, i.e. Vista +.
Badlock fixes a significant number of Windows system files, including system drivers, as well as cryptographic libraries used to organize secure connections: Ksecdd.sys, Mrxsmb10.sys, Mrxsmb20.sys, Schannel.dll, Rpcrt4.dll, Ncrypt.dll, Secur32 .dll, lsass.exe, Samsrv.dll, Samlib.dll, Bcrypt.dll. This demonstrates the seriousness of Badlock, as indicated by the authors of the above website.
')
The released set of updates also closes serious LPE vulnerabilities in the win32k.sys driver, which are used by cybercriminals in cyber attacks on users. We are talking about vulnerabilities CVE-2016-0165 and CVE-2016-0167, closed with update MS16-039 . Important.
Update MS16-045 closes important vulnerabilities in the Hyper-V virtualization platform. The two closed vulnerabilities CVE-2016-0089 and CVE-2016-0090 are of the Information Disclosure type and allow attackers to reveal some of the contents of the host process memory addresses. Another vulnerability with identifier CVE-2016-0088 is present in the Hyper-V platform Vmswitch.sys driver. It is of the Remote Code Execution (RCE) type and allows the application to run on a host with a guest OS. Important.
Update MS16-049 fixes CVE-2016-0150 type Denial of Service (DoS) vulnerability in the http.sys driver. With the use of a special HTTP 2.0 request sent to a vulnerable system, attackers can stop it before rebooting. Important.
Information about other updates can be found here technet.microsoft.com/library/security/ms16-apr .
We recommend that our users install updates as soon as possible and, if you have not already done so, enable automatic delivery of updates using Windows Update (this option is enabled by default).
be secure.
Badlock fixes a significant number of Windows system files, including system drivers, as well as cryptographic libraries used to organize secure connections: Ksecdd.sys, Mrxsmb10.sys, Mrxsmb20.sys, Schannel.dll, Rpcrt4.dll, Ncrypt.dll, Secur32 .dll, lsass.exe, Samsrv.dll, Samlib.dll, Bcrypt.dll. This demonstrates the seriousness of Badlock, as indicated by the authors of the above website.
')
The released set of updates also closes serious LPE vulnerabilities in the win32k.sys driver, which are used by cybercriminals in cyber attacks on users. We are talking about vulnerabilities CVE-2016-0165 and CVE-2016-0167, closed with update MS16-039 . Important.
Update MS16-045 closes important vulnerabilities in the Hyper-V virtualization platform. The two closed vulnerabilities CVE-2016-0089 and CVE-2016-0090 are of the Information Disclosure type and allow attackers to reveal some of the contents of the host process memory addresses. Another vulnerability with identifier CVE-2016-0088 is present in the Hyper-V platform Vmswitch.sys driver. It is of the Remote Code Execution (RCE) type and allows the application to run on a host with a guest OS. Important.
Update MS16-049 fixes CVE-2016-0150 type Denial of Service (DoS) vulnerability in the http.sys driver. With the use of a special HTTP 2.0 request sent to a vulnerable system, attackers can stop it before rebooting. Important.
Information about other updates can be found here technet.microsoft.com/library/security/ms16-apr .
We recommend that our users install updates as soon as possible and, if you have not already done so, enable automatic delivery of updates using Windows Update (this option is enabled by default).
be secure.
Source: https://habr.com/ru/post/281529/
All Articles