Microsoft fixes vulnerabilities in Windows
Microsoft fixed major vulnerabilities in Windows by releasing 16 updates. Five of these updates have Critical status. As part of MS16-063 , the Internet Explorer 9-11 web browser has been updated, for which ten vulnerabilities have been fixed. Most of the fixed vulnerabilities are of the Remote Code Execution (RCE) type and can be used for remote code execution in a web browser using a specially crafted web page. A reboot is required to apply the update.
Critical update MS16-071 fixes a dangerous RCE vulnerability with identifier CVE-2016-3227 in the Windows DNS service (Dns.exe) on Windows Server 2012. A special DNS query can be used to exploit the vulnerability, which is sent to the server. At the same time, in case of successful operation, the attacker will receive high local system privileges in Windows. As part of MS16-073, the win32k.sys GUI driver was also updated, in which two LPE vulnerabilities were closed, with which attackers could unauthorizedly launch their kernel mode code on the system.
')
The MS16-063 update fixes ten vulnerabilities in the Internet Explorer 9-11 web browser, most of which are of type RCE. Such vulnerabilities can be exploited using a specially crafted web page that allows you to remotely execute code in a web browser. Critical.
Update MS16-068 fixes eight similar RCE vulnerabilities in the Edge web browser. Two Information Disclosure vulnerabilities CVE-2016-3201 and CVE-2016-3215 are present in the component view PDF-files, with their help, an attacker can unauthorized access to user information. Critical.
Update MS16-069 fixes three RCE vulnerabilities CVE-2016-3205, CVE-2016-3206 and CVE-2016-3207 in VBScript Scripting Engine (VBScript.dll) and JavaScript (JScript.dll) engines. Vulnerabilities can be exploited using malicious content when using Internet Explorer. Critical.
Update MS16-070 fixes vulnerabilities in Microsoft Office 2007+. Vulnerability CVE-2016-0025 belongs to the RCE type and can be used for remote code execution using a specially crafted Office MS-Word file. Another vulnerability with the CVE-2016-3235 identifier is called Office OLE DLL Side Loading and allows an attacker to load his dynamic library into the context of the Office process. Critical.
Update MS16-071 fixes a serious RCE vulnerability CVE-2016-3227 in the DNS Server service (dns.exe) on Windows Server 2012 and Windows Server 2012 R2. Attackers can remotely execute code on a server with high Local System rights by sending a specially crafted DNS request. The privileges obtained may allow the exploit code to load the kernel mode code into Windows. Critical.
Update MS16-072 fixes an important Elevation of Privilege vulnerability CVE-2016-3223 in the Group Policy component on Windows Vista +. Using a vulnerability, an attacker can enhance his authority in the system by attacking man-in-the-middle (MiTM) against the traffic between the domain controller and the victim's machine. The attacker gets the rights to create a group policy that allows you to grant administrator rights to a simple user (Elevation of Privilege). Important.
Update MS16-073 fixes important vulnerabilities in Windows system components. Two vulnerabilities with identifiers CVE-2016-3218 and CVE-2016-3221 are present in the win32k.sys driver on Windows Vista +. Another vulnerability of the Information Disclosure type is present in the Windows Virtual PCI system driver (Vpcivsp.sys) on Windows Server 2012. The vulnerability allows an attacker to gain access to the contents of memory that he legitimately does not have access to. Vulnerabilities in win32k.sys allow an attacker to execute its code with the maximum SYSTEM rights in the system. Important.
Update MS16-074 fixes vulnerabilities in various components of Windows. The Information Disclosure Type CVE-2016-3216 vulnerability is present in the Windows Graphics component (Gdi32.dll) on Windows Vista + and allows an attacker to bypass the ASLR defense mechanism. Another LPE vulnerability CVE-2016-3219 is present in the win32k.sys driver on Windows 10 and allows an attacker to run malicious code with SYSTEM rights. Another LPE vulnerability CVE-2016-3220 is present in the well-known Adobe Type Manager Library (atmfd.dll) on Windows Vista +. The library is used by win32k.sys, and the vulnerability allows an attacker to run code in the system with maximum rights. Important.
Update MS16-075 fixes one Elevation of Privilege type vulnerability in SMB Server component on Windows Vista +. System components such as drivers Cng.sys, Ksecpkg.sys, Mrxsmb10.sys, Mrxsmb20.sys, Mrxsmb.sys, Srvnet.sys, Srv.sys, Srv2.sys, as well as the Bcryptprimitives.dll, Lsasrv.dll and etc. To exploit the vulnerability, an attacker needs to launch a special malicious application that will gain system privileges in Windows. At the same time, the application must send a special authentication request to the SMB server, which incorrectly processes credential forwarding requests. Important.
Update MS16-076 fixes one RCE vulnerability CVE-2016-3228 in the Windows Netlogon component (Wdigest.dll, files from MS16-075) on Windows Server 2008 and Windows Server 2012. In case of successful authentication in the domain, the attacker can send in a special way generated NetLogon request to the domain controller and execute its own code on it. The vulnerability is marked as Important because the attacker must already have access to the corporate network (domain). Important.
Update MS16-077 fixes two CVE-2016-3213 and CVE-2016-3236 LPE vulnerabilities in the Auto Discovery Web Proxy Protocol (WPAD) component on Windows Vista +. System files with network functions Netbt.sys, Mswsock.dll, Ws2_32.dll, Winhttp.dll are subject to updating. Important.
Update MS16-078 fixes a LPE vulnerability with the identifier CVE-2016-3231 for the Windows Diagnostics Hub Standard Collector service on Windows 10. The vulnerability allows an attacker to load his library into the privileged service context, after which he will get maximum system rights in Windows. Important.
Update MS16-079 fixes a number of important vulnerabilities in Microsoft Exchange Server 2007+. One vulnerability relates to the Information Disclosure type, and the other three to the Elevation of Privilege type. Important.
The MS16-080 update fixes three vulnerabilities in the Windows PDF component (Windows.data.pdf.dll. Glcndfilter.dll) on Windows 8.1+. Operation of vulnerabilities is possible using a specially formed PDF file. Two of them belong to the Information Disclosure type, and the third to the RCE. Important.
Update MS16-081 fixes a Denial of Service vulnerability in the Active Directory service component (Ntdsai.dll) on the server editions of Windows Server 2008 R2 and Windows Server 2012. An attacker can cause the server to freeze by creating several accounts remotely, and the attacker must be authenticated in the domain. Important.
Update MS16-082 fixes a CVE-2016-3230 type Denial of Service vulnerability in the Windows Search component on Windows 7+ (Structuredquery.dll). The attacker can cause the system to freeze by running a special application in it. Important.
We recommend that our users install updates as soon as possible and, if you have not already done so, enable automatic delivery of updates using Windows Update (this option is enabled by default).
be secure.
Critical update MS16-071 fixes a dangerous RCE vulnerability with identifier CVE-2016-3227 in the Windows DNS service (Dns.exe) on Windows Server 2012. A special DNS query can be used to exploit the vulnerability, which is sent to the server. At the same time, in case of successful operation, the attacker will receive high local system privileges in Windows. As part of MS16-073, the win32k.sys GUI driver was also updated, in which two LPE vulnerabilities were closed, with which attackers could unauthorizedly launch their kernel mode code on the system.
')
The MS16-063 update fixes ten vulnerabilities in the Internet Explorer 9-11 web browser, most of which are of type RCE. Such vulnerabilities can be exploited using a specially crafted web page that allows you to remotely execute code in a web browser. Critical.
Update MS16-068 fixes eight similar RCE vulnerabilities in the Edge web browser. Two Information Disclosure vulnerabilities CVE-2016-3201 and CVE-2016-3215 are present in the component view PDF-files, with their help, an attacker can unauthorized access to user information. Critical.
Update MS16-069 fixes three RCE vulnerabilities CVE-2016-3205, CVE-2016-3206 and CVE-2016-3207 in VBScript Scripting Engine (VBScript.dll) and JavaScript (JScript.dll) engines. Vulnerabilities can be exploited using malicious content when using Internet Explorer. Critical.
Update MS16-070 fixes vulnerabilities in Microsoft Office 2007+. Vulnerability CVE-2016-0025 belongs to the RCE type and can be used for remote code execution using a specially crafted Office MS-Word file. Another vulnerability with the CVE-2016-3235 identifier is called Office OLE DLL Side Loading and allows an attacker to load his dynamic library into the context of the Office process. Critical.
Update MS16-071 fixes a serious RCE vulnerability CVE-2016-3227 in the DNS Server service (dns.exe) on Windows Server 2012 and Windows Server 2012 R2. Attackers can remotely execute code on a server with high Local System rights by sending a specially crafted DNS request. The privileges obtained may allow the exploit code to load the kernel mode code into Windows. Critical.
Update MS16-072 fixes an important Elevation of Privilege vulnerability CVE-2016-3223 in the Group Policy component on Windows Vista +. Using a vulnerability, an attacker can enhance his authority in the system by attacking man-in-the-middle (MiTM) against the traffic between the domain controller and the victim's machine. The attacker gets the rights to create a group policy that allows you to grant administrator rights to a simple user (Elevation of Privilege). Important.
Update MS16-073 fixes important vulnerabilities in Windows system components. Two vulnerabilities with identifiers CVE-2016-3218 and CVE-2016-3221 are present in the win32k.sys driver on Windows Vista +. Another vulnerability of the Information Disclosure type is present in the Windows Virtual PCI system driver (Vpcivsp.sys) on Windows Server 2012. The vulnerability allows an attacker to gain access to the contents of memory that he legitimately does not have access to. Vulnerabilities in win32k.sys allow an attacker to execute its code with the maximum SYSTEM rights in the system. Important.
Update MS16-074 fixes vulnerabilities in various components of Windows. The Information Disclosure Type CVE-2016-3216 vulnerability is present in the Windows Graphics component (Gdi32.dll) on Windows Vista + and allows an attacker to bypass the ASLR defense mechanism. Another LPE vulnerability CVE-2016-3219 is present in the win32k.sys driver on Windows 10 and allows an attacker to run malicious code with SYSTEM rights. Another LPE vulnerability CVE-2016-3220 is present in the well-known Adobe Type Manager Library (atmfd.dll) on Windows Vista +. The library is used by win32k.sys, and the vulnerability allows an attacker to run code in the system with maximum rights. Important.
Update MS16-075 fixes one Elevation of Privilege type vulnerability in SMB Server component on Windows Vista +. System components such as drivers Cng.sys, Ksecpkg.sys, Mrxsmb10.sys, Mrxsmb20.sys, Mrxsmb.sys, Srvnet.sys, Srv.sys, Srv2.sys, as well as the Bcryptprimitives.dll, Lsasrv.dll and etc. To exploit the vulnerability, an attacker needs to launch a special malicious application that will gain system privileges in Windows. At the same time, the application must send a special authentication request to the SMB server, which incorrectly processes credential forwarding requests. Important.
Update MS16-076 fixes one RCE vulnerability CVE-2016-3228 in the Windows Netlogon component (Wdigest.dll, files from MS16-075) on Windows Server 2008 and Windows Server 2012. In case of successful authentication in the domain, the attacker can send in a special way generated NetLogon request to the domain controller and execute its own code on it. The vulnerability is marked as Important because the attacker must already have access to the corporate network (domain). Important.
Update MS16-077 fixes two CVE-2016-3213 and CVE-2016-3236 LPE vulnerabilities in the Auto Discovery Web Proxy Protocol (WPAD) component on Windows Vista +. System files with network functions Netbt.sys, Mswsock.dll, Ws2_32.dll, Winhttp.dll are subject to updating. Important.
Update MS16-078 fixes a LPE vulnerability with the identifier CVE-2016-3231 for the Windows Diagnostics Hub Standard Collector service on Windows 10. The vulnerability allows an attacker to load his library into the privileged service context, after which he will get maximum system rights in Windows. Important.
Update MS16-079 fixes a number of important vulnerabilities in Microsoft Exchange Server 2007+. One vulnerability relates to the Information Disclosure type, and the other three to the Elevation of Privilege type. Important.
The MS16-080 update fixes three vulnerabilities in the Windows PDF component (Windows.data.pdf.dll. Glcndfilter.dll) on Windows 8.1+. Operation of vulnerabilities is possible using a specially formed PDF file. Two of them belong to the Information Disclosure type, and the third to the RCE. Important.
Update MS16-081 fixes a Denial of Service vulnerability in the Active Directory service component (Ntdsai.dll) on the server editions of Windows Server 2008 R2 and Windows Server 2012. An attacker can cause the server to freeze by creating several accounts remotely, and the attacker must be authenticated in the domain. Important.
Update MS16-082 fixes a CVE-2016-3230 type Denial of Service vulnerability in the Windows Search component on Windows 7+ (Structuredquery.dll). The attacker can cause the system to freeze by running a special application in it. Important.
We recommend that our users install updates as soon as possible and, if you have not already done so, enable automatic delivery of updates using Windows Update (this option is enabled by default).
be secure.
Source: https://habr.com/ru/post/303336/
All Articles