Microsoft has released updates for its products.

Microsoft has updated its products, releasing 14 updates, 7 of which received the status of Critical. Updates are addressed to Internet Explorer and Edge web browsers, various components of Windows, Office, and Exchange Server. Information Security CSE- 2016-3351 vulnerability, closed by MS16-104, in Internet Explorer 9-11 is used by attackers in targeted attacks. One of the MS16-111 updates fixes the Local Privilege Escalation (LPE) vulnerabilities in the Windows loader (Winload.efi), as well as in the ntoskrnl and ntdll kernel files. Vulnerabilities allow an attacker to gain maximum SYSTEM rights in the system.

The MS16-104 update fixes 10 vulnerabilities in Internet Explorer 9-11. Most of the fixed vulnerabilities are of the Remote Code Execution (RCE) type and can be used by attackers for remote code execution using a specially crafted web page. Critical.

The MS16-105 update fixes 12 vulnerabilities in the Edge web browser on Windows 10. Most of the fixed vulnerabilities are of the Remote Code Execution (RCE) type and can be used by attackers for remote code execution using a specially crafted web page. The vulnerability used by attackers with the information disclosure type CVE-2016-3351 identifier is also relevant for Edge. Critical.
')
The MS16-106 update fixes various vulnerabilities in Windows Vista-10 components. One of the vulnerabilities is identified by the CVE-2016-3356 identifier and is critical because it is present in the User32.dll component on Windows 10 v1607. The exploitation of the vulnerability is possible in two ways, the first implies placing a specially crafted multimedia file on a website, and the second implies that such content will be embedded in a special document and sent in a phishing message. Two more LPE vulnerabilities are present in the win32k.sys driver and allow an attacker to execute their code in kernel mode. Critical.

The MS16-107 update fixes multiple vulnerabilities in Office 2007-2013. Most closed vulnerabilities are of type RCE and can be used by attackers for remote code execution using a specially crafted Office file. Such a file can be posted on a website or sent by a phishing message to the alleged victim. Critical.

The MS16-108 update fixes vulnerabilities in the Exchange Server 2007 - 2016 product. The update is flagged as critical because it includes fixes for Oracle library vulnerabilities that are integrated into the Exchange Server product. Other vulnerabilities are LPE and Information Disclosure. The first with the CVE-2016-3379 identifier is related to Outlook and fixes a vulnerability in the code that is responsible for processing the request for an Outlook meeting. Critical.

The MS16-109 update addresses the MS Silverlight 5 framework and fixes one RCE vulnerability with the identifier CVE-2016-3367. The exploitation of the vulnerability is possible remotely, using specially crafted content of Silverlight 5, which will be posted on the website. Important.

Update MS16-110 fixes four vulnerabilities in Windows Vista components - 10. Vulnerability of LPE type with the identifier CVE-2016-3346 (Windows Permissions Enforcement Elevation of Privilege Vulnerability) allows an attacker who is already logged in to elevate their rights in it to the level of administrator using a specially formed DLL library. The vulnerability of the Information Disclosure-type CVE-2016-3352 allows an attacker to iterate over NTLM password hashes due to a flaw in the Single Sign-On (SSO) NTLM request verification mechanism during a Microsoft Account Logon (MSA) session. Important.

The MS16-111 update fixes five LPE vulnerabilities in Windows Vista - 10. Windows Winload.efi, Winresume.efi, Csrsrv.dll system files, Ntdll.dll, Ntoskrnl.exe are to be fixed. Vulnerabilities CVE-2016-3305 and CVE-2016-3306 are present in the session object core processing code (Session). At the same time, exploitation of vulnerabilities is possible through launching a special application in the system. Vulnerability CVE-2016-3371 when checking access rights is present in the Windows kernel API and allows an attacker to gain access to information not intended for his account. Vulnerability CVE-2016-3373 is similar to the previous one, but in this case, the attacker can gain access to important registry keys. Important.

Update MS16-112 fixes a LPE type vulnerability with CVE-2016-3302 in the screen lock component (Windows Lock Screen) on Windows 8.1+. The update is addressed to the system files Wwanconn.dll, Wwanmm.dll, Wwanpref.dll. The vulnerability allows an attacker with physical access to the PC to start the application on the locked computer due to the fact that Windows incorrectly allows the web application to load in the locked system. Important.

Update MS16-113 fixes one Information Disclosure type vulnerability with identifier CVE-2016-3344 in Windows 10. The vulnerability is present in the Secure Kernel Mode subsystem. Important.

Update MS16-114 fixes an RCE vulnerability with identifier CVE-2016-3345 on Windows Vista +. In Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2, the vulnerability is present in the Server Message Block 1.0 (SMBv1) Server component of the service and allows the logged in attacker to remotely execute code through sending specially crafted packets to the server. In the case of Windows 8+, this is a Denial of Service vulnerability. Important.

Update MS16-115 fixes two vulnerabilities with identifiers CVE-2016-3370 and CVE-2016-3374 in the infamous Windows PDF library (Glcndfilter.dll). Both vulnerabilities are of type Information Disclosure and help an attacker to obtain information about the victim’s system for further compromise. Thus, a specially formed PDF file can be posted on the website or sent by mail. Important.

The MS16-116 update fixes a critical RCE vulnerability in the OLE Automation component (Oleaut32.dll) for VBScript Scripting Engine (VBScript) on Windows Vista +. The exploitation of the vulnerability is possible using a specially formed web page. Critical.

We recommend that our users install updates as soon as possible and, if you have not already done so, enable automatic delivery of updates using Windows Update (this option is enabled by default).


be secure.