Microsoft has released as many as 16 updates for its products. The updates close a number of serious vulnerabilities in components of Windows, Office, and the .NET Framework. Update MS16-053 closes the dangerous Remote Code Execution (RCE) 0day vulnerability CVE-2016-0189 in the well-known component Vbscript.dll (VBScript Scripting Engine), which attackers are using in cyber attacks on users. Similarly dangerous vulnerabilities were closed in the Windows Shell (Windows.ui.dll), Journal (Journal.exe), and Graphics (Gdi32.dll, Windowscodecs.dll) components, among others.

One of the updates, MS16-066, addresses a vulnerability in the Virtual Secure Mode component of Windows 10, which lets corporate users create highly secure virtual machines (containers) that are inaccessible to external influence. The closed vulnerability CVE-2016-0181 (Hypervisor Code Integrity Security Feature Bypass) made it possible to run specially crafted (malicious) applications without a digital signature on such a protected virtual machine.
Update MS16-051 fixes five vulnerabilities in Internet Explorer. The update applies to all supported IE 9-11 web browsers on Windows Vista SP2+. Most of the fixed vulnerabilities are of the Remote Code Execution (RCE) type and can be used by attackers to execute code remotely using a specially crafted web page. Critical.
Update MS16-052 fixes four RCE vulnerabilities in the Edge protected web browser on Windows 10. The vulnerabilities can be exploited using a specially crafted malicious web page. Critical.
Update MS16-053 fixes two RCE vulnerabilities of the memory-corruption type, CVE-2016-0187 and CVE-2016-0189, in the JavaScript and VBScript engines on Windows Vista SP2 - Windows Server 2008 SP2. The vulnerabilities can be exploited using a specially crafted web page. Critical.
Update MS16-054 fixes four vulnerabilities in Microsoft Office 2007+ products. The fixed vulnerabilities are of the RCE type and allow an attacker to remotely execute code on the user's system using a specially crafted Office file. One of the vulnerabilities, CVE-2016-0183, is present in the graphics component of Office. Critical.
Update MS16-055 fixes five vulnerabilities in the graphics components of Windows Vista+: Gdi32.dll, D3d10level9.dll, Windowscodecs.dll. Vulnerability CVE-2016-0170 is of the RCE type and allows attackers to remotely execute code on the system using a malicious multimedia file posted on a website. Two other vulnerabilities, CVE-2016-0168 and CVE-2016-0169, are of the Information Disclosure type and are present in the Gdi32.dll component. They allow an attacker to gain unauthorized information about the user's system. Critical.
Update MS16-056 fixes the dangerous RCE vulnerability CVE-2016-0182 in the Windows Journal component of Windows Vista+. The vulnerability can be exploited when the user opens a specially crafted Journal file, a link to which can be sent to the victim via an instant messenger or by e-mail. The following system files are updated: Jnwdrv.dll, Jnwdui.dll, Jnwmon.dll, Pdialog.exe, Journal.exe and others. Critical.
Update MS16-057 fixes a dangerous RCE vulnerability, CVE-2016-0179, in the Windows Shell on Windows 8.1+. The vulnerability can be exploited through specially crafted content posted on a website. The system library Windows.ui.dll is updated. Critical.
Update MS16-059 fixes the RCE vulnerability CVE-2016-0185 in Windows Media Center on Windows Vista+. Attackers can remotely execute code on the user's system through a specially crafted Media Center link (.mcl) file, which must be opened in the Media Center player. The system file Ehshell.dll is updated. Important.
Update MS16-060 fixes the Local Privilege Escalation (LPE) vulnerability CVE-2016-0180 in the kernel (Ntoskrnl.exe) of Windows Vista+. The vulnerability lies in the incorrect processing of symbolic links and allows a malicious application to elevate its privileges to the kernel level and run malicious code in kernel mode. Important.
Update MS16-061 fixes the LPE vulnerability CVE-2016-0178 in the Remote Procedure Call (RPC) component on Windows Vista+. An attacker can send a specially crafted RPC request to the other side, which leads to a memory leak in the RPC Network Data Representation (NDR) Engine and allows the attacker to execute code on the system with maximum privileges. The update applies to the Rpcrt4.dll library. Important.
Update MS16-062 fixes multiple LPE vulnerabilities in the Windows subsystem driver (Win32k.sys) and the DirectX drivers (Dxgkrnl.sys, Dxgmms1.sys) on Windows Vista+. The vulnerabilities can be exploited using malicious applications, giving attackers maximum SYSTEM privileges on the system. One of the vulnerabilities in Win32k.sys, CVE-2016-0175, can be used to bypass Kernel ASLR (KASLR). Important.
Update MS16-067 fixes the Information Disclosure vulnerability CVE-2016-0190 in the Volmgr.sys volume manager driver on Windows 8.1. In an attack scenario that uses the vulnerability, an attacker can view the contents of a removable USB disk mounted to the system over remote RDP using Microsoft RemoteFX. Important.
Information about other updates can be found here: technet.microsoft.com/library/security/ms16-may.
We recommend that our users install the updates as soon as possible and, if they have not already done so, enable automatic delivery of updates using Windows Update (this option is enabled by default).

Be secure.