Microsoft fixes vulnerabilities in Windows
Microsoft has released updates for its products, fixing vulnerabilities in the kernel and system components of Windows, as well as the .NET Framework and Office. A total of 49 vulnerabilities are subject to correction within 6 critical and 5 important updates. One of the most important MS16-090 updates fixes six vulnerabilities in the infamous Windows GUI subsystem driver, win32k.sys. Vulnerabilities are related to Local Privilege Escalation (LPE) and can be used by attackers to raise their rights in the system to the SYSTEM level, which will allow unauthorized execution of code directly in kernel mode. The update is relevant for Windows Vista +.
Another major update, MS16-094 fixes a Security Feature Bypass (SFB) vulnerability with identifier CVE-2016-3287 in the Windows security engine called Secure Boot. Secure Boot is used by Windows as a guarantee of loading legitimate UEFI code at the earliest stage of the system boot, which guarantees the user the absence of any malicious code that can be run even before the OS is loaded. Using the vulnerability, an attacker can also disable the driver's digital signature verification setting in the system, which can be used to load test digital signature drivers into the memory. The fix is relevant for Windows 8.1+.
')
Update MS16-084 fixes critical RCE vulnerabilities in all supported versions of Internet Explorer 9-11 on Windows Vista +. Vulnerabilities can be exploited using a specially crafted web page, while the user needs to open the web page in a web browser. Critical.
Update MS16-085 fixes critical RCE vulnerabilities in the Edge web browser on Windows 10. As in the previous case, exploitation of vulnerabilities is possible using a specially formed web page. Critical.
The MS16-086 update fixes two critical RCE vulnerabilities in the VBScript.dll and JScript.dll engines with the identifiers CVE-2016-3204 and CVE-2016-3204. With the use of malicious content, attackers can remotely execute the necessary code on the system on Internet Explorer and Edge web browsers, which use these libraries for VBScript and JavaScript content. Critical.
Update MS16-087 fixes two critical vulnerabilities with identifiers CVE-2016-3238 and CVE-2016-3239 in the print spooler component on Windows Vista +. The first vulnerability is of the Remote Code Execution type and can be used by attackers for remote code execution provided they have the ability to conduct a MitM attack on the network, the second one is of the Local Privelege Escalation type and can be used to obtain SYSTEM rights. Remote code execution is possible both on the vulnerable client and on the print server, the attacker can also create a fake printer on the network. The following system files are subject to updating: Localspl.dll, Winprint.dll, Ntprint.dll and others. Critical.
The MS16-088 update fixes various vulnerabilities in MS Office 2007+, most of which are of type RCE. These vulnerabilities give an attacker the ability to remotely execute code on a system with a vulnerable version of Office using a specially crafted file. One of the vulnerabilities with the CVE-2016-3279 identifier is of Security Feature Bypass (SFB) type and can be used by attackers to bypass Office protection mode (Protected View). This mode is used by Office when opening potentially malicious objects received from the Internet and disables any privileges for the running application process. Critical.
Update MS16-089 fixes an Information Disclosure type CVE-2016-3256 vulnerability in the Secure Kernel Mode component on Windows 10. Vulnerability can be used by attackers to gain unauthorized access to private information about the system. Important.
The MS16-090 update fixes six vulnerabilities in the win32k.sys driver on Windows Vista +. Five of these vulnerabilities are of type LPE and allow attackers to elevate their privileges in the system to the SYSTEM level by launching a local exploit in the system. Vulnerability with identifier CVE-2016-3251 is of type Information Disclosure and allows attackers to reveal important addresses in the system virtual address space. Important.
Update MS16-091 fixes one Information Disclosure type vulnerability with identifier CVE-2016-3255 in .NET Framework 2.0+ on Windows Vista +. Vulnerability is present in the code processing XML input arguments, so-called. XML External Entity (XXE) parser that incorrectly processes some values that can be used by attackers to read any file in the system. To exploit the attack, attackers need to create a specially crafted XML file and load it into a web application. Important.
The MS16-092 update fixes two vulnerabilities in the Windows 8.1+ kernel. The first vulnerability with identifier CVE-2016-3258 is of type SFB and can be used by attackers to modify files that are inaccessible to an exploit application with a low level of access in the system. This is achieved by attacking the type of time of check time of use (TOCTOU) when the kernel checks the file paths. The second vulnerability with identifier CVE-2016-3272 is of the Information Disclosure type and is present in the kernel code that is responsible for handling the page fault exception (page error). An attacker who has gained access to the system can thus gain access to the memory of another process. Windows bootloader Winload.efi, the kernel Ntoskrnl.exe, as well as Ntdll.dll, Winresume.efi, and others are subject to update. Important.
The MS16-093 update delivers an updated version of the Adobe Flash Player to the system, which is used by IE and Edge web browsers ( APSB16-25 ).
Update MS16-094 fixes one SFB type vulnerability with identifier CVE-2016-3287 in the Secure Boot security engine. Using the vulnerability, attackers can bypass the Secure Boot firmware boot security setting, as well as disable digital signature verification in the system for drivers and kernel mode components. For different versions of Windows, various system files can be updated, including the Winload.efi loader, the Code Integrity Module cryptographic library (ci.dll), and other system files. Important.
We recommend that our users install updates as soon as possible and, if you have not already done so, enable automatic delivery of updates using Windows Update (this option is enabled by default).
be secure.
Another major update, MS16-094 fixes a Security Feature Bypass (SFB) vulnerability with identifier CVE-2016-3287 in the Windows security engine called Secure Boot. Secure Boot is used by Windows as a guarantee of loading legitimate UEFI code at the earliest stage of the system boot, which guarantees the user the absence of any malicious code that can be run even before the OS is loaded. Using the vulnerability, an attacker can also disable the driver's digital signature verification setting in the system, which can be used to load test digital signature drivers into the memory. The fix is relevant for Windows 8.1+.
')
Update MS16-084 fixes critical RCE vulnerabilities in all supported versions of Internet Explorer 9-11 on Windows Vista +. Vulnerabilities can be exploited using a specially crafted web page, while the user needs to open the web page in a web browser. Critical.
Update MS16-085 fixes critical RCE vulnerabilities in the Edge web browser on Windows 10. As in the previous case, exploitation of vulnerabilities is possible using a specially formed web page. Critical.
The MS16-086 update fixes two critical RCE vulnerabilities in the VBScript.dll and JScript.dll engines with the identifiers CVE-2016-3204 and CVE-2016-3204. With the use of malicious content, attackers can remotely execute the necessary code on the system on Internet Explorer and Edge web browsers, which use these libraries for VBScript and JavaScript content. Critical.
Update MS16-087 fixes two critical vulnerabilities with identifiers CVE-2016-3238 and CVE-2016-3239 in the print spooler component on Windows Vista +. The first vulnerability is of the Remote Code Execution type and can be used by attackers for remote code execution provided they have the ability to conduct a MitM attack on the network, the second one is of the Local Privelege Escalation type and can be used to obtain SYSTEM rights. Remote code execution is possible both on the vulnerable client and on the print server, the attacker can also create a fake printer on the network. The following system files are subject to updating: Localspl.dll, Winprint.dll, Ntprint.dll and others. Critical.
The MS16-088 update fixes various vulnerabilities in MS Office 2007+, most of which are of type RCE. These vulnerabilities give an attacker the ability to remotely execute code on a system with a vulnerable version of Office using a specially crafted file. One of the vulnerabilities with the CVE-2016-3279 identifier is of Security Feature Bypass (SFB) type and can be used by attackers to bypass Office protection mode (Protected View). This mode is used by Office when opening potentially malicious objects received from the Internet and disables any privileges for the running application process. Critical.
Update MS16-089 fixes an Information Disclosure type CVE-2016-3256 vulnerability in the Secure Kernel Mode component on Windows 10. Vulnerability can be used by attackers to gain unauthorized access to private information about the system. Important.
The MS16-090 update fixes six vulnerabilities in the win32k.sys driver on Windows Vista +. Five of these vulnerabilities are of type LPE and allow attackers to elevate their privileges in the system to the SYSTEM level by launching a local exploit in the system. Vulnerability with identifier CVE-2016-3251 is of type Information Disclosure and allows attackers to reveal important addresses in the system virtual address space. Important.
Update MS16-091 fixes one Information Disclosure type vulnerability with identifier CVE-2016-3255 in .NET Framework 2.0+ on Windows Vista +. Vulnerability is present in the code processing XML input arguments, so-called. XML External Entity (XXE) parser that incorrectly processes some values that can be used by attackers to read any file in the system. To exploit the attack, attackers need to create a specially crafted XML file and load it into a web application. Important.
The MS16-092 update fixes two vulnerabilities in the Windows 8.1+ kernel. The first vulnerability with identifier CVE-2016-3258 is of type SFB and can be used by attackers to modify files that are inaccessible to an exploit application with a low level of access in the system. This is achieved by attacking the type of time of check time of use (TOCTOU) when the kernel checks the file paths. The second vulnerability with identifier CVE-2016-3272 is of the Information Disclosure type and is present in the kernel code that is responsible for handling the page fault exception (page error). An attacker who has gained access to the system can thus gain access to the memory of another process. Windows bootloader Winload.efi, the kernel Ntoskrnl.exe, as well as Ntdll.dll, Winresume.efi, and others are subject to update. Important.
The MS16-093 update delivers an updated version of the Adobe Flash Player to the system, which is used by IE and Edge web browsers ( APSB16-25 ).
Update MS16-094 fixes one SFB type vulnerability with identifier CVE-2016-3287 in the Secure Boot security engine. Using the vulnerability, attackers can bypass the Secure Boot firmware boot security setting, as well as disable digital signature verification in the system for drivers and kernel mode components. For different versions of Windows, various system files can be updated, including the Winload.efi loader, the Code Integrity Module cryptographic library (ci.dll), and other system files. Important.
We recommend that our users install updates as soon as possible and, if you have not already done so, enable automatic delivery of updates using Windows Update (this option is enabled by default).
be secure.
Source: https://habr.com/ru/post/305620/
All Articles