Microsoft has released the November set of updates, which fixes multiple vulnerabilities in Windows and Office products. Two of the fixed vulnerabilities are being actively exploited by attackers. The first, CVE-2016-7255, is a Local Privilege Escalation (LPE) vulnerability in the Win32k.sys driver and is present on all supported versions of Windows. We wrote about this vulnerability earlier: it was used in cyber attacks, together with an RCE exploit for Flash Player, to bypass the sandbox mechanism of a web browser.
The second, CVE-2016-7256, is an RCE vulnerability in the graphics subsystem on Windows Vista and later. Using it, attackers can remotely execute malicious code in a web browser by means of a malicious multimedia file placed on a web page. MS also fixed a vulnerability in the Virtual Secure Mode (VSM) subsystem of Windows 10, which is used to implement security features such as Device Guard and Credential Guard.
Update MS16-129 fixes multiple RCE vulnerabilities in the Edge web browser, which attackers can use to remotely execute code in the browser by means of a specially crafted web page. Critical.
The MS16-130 update fixes one critical RCE vulnerability, CVE-2016-7212, which allows attackers to remotely execute code when a specially crafted PE file enters the system (Windows image file loading functionality). Applies to Windows Vista and later. Two more vulnerabilities, CVE-2016-7221 and CVE-2016-7222, are of the LPE type and allow an attacker to elevate their privileges on the system. Critical.
The MS16-131 update fixes one RCE vulnerability, CVE-2016-7248, in the Microsoft Video Control component on Windows Vista and later. To exploit it, an attacker can use a specially crafted multimedia file placed on a website. Critical.
The MS16-132 update fixes four vulnerabilities in the Adobe Type Manager Library (atmfd.dll), the Windows Animation Manager subsystem and Media Foundation. Attackers can use them remotely to obtain sensitive user information (Information Disclosure) and to execute code remotely (RCE). Critical.
The MS16-133 update fixes twelve vulnerabilities in Office 2007-2016, most of them of the RCE type. Attackers can exploit them to execute code remotely using a specially crafted Office file, which may be placed on a phishing website or sent to the victim as an email attachment. Important.
The MS16-134 update fixes ten LPE vulnerabilities in the Windows Common Log File System driver (Clfs.sys) on Windows Vista and later. They can be used to obtain SYSTEM rights without authorization and to run code in kernel mode. Important.
The MS16-135 update fixes multiple vulnerabilities in the kernel-mode drivers Win32k.sys and Bowser.sys on Windows Vista and later. Four vulnerabilities were fixed in Win32k.sys; one of them, CVE-2016-7214, is of the Information Disclosure type and can be used to bypass Kernel ASLR (KASLR) by disclosing the address of a kernel system object. The other three are of the LPE type and can be used by attackers to gain SYSTEM privileges. Exploitation requires running an application containing the exploit on the system. Important.
The MS16-136 update fixes several vulnerabilities in SQL Server 2012 and later. CVE-2016-7253 is present in the SQL Server Engine when the SQL Server Agent incorrectly handles the Atxcore.dll access control list (ACL). It can be exploited by attackers who already have access to the SQL Server database, allowing them to elevate their privileges on the system. Important.
Update MS16-137 fixes three vulnerabilities in the authentication system on Windows Vista and later. One of them, CVE-2016-7220, is present in the Virtual Secure Mode (VSM) subsystem and is relevant only to Windows 10. It is of the Information Disclosure type and can be used by attackers to partially compromise security mechanisms such as Device Guard, Credential Guard and Windows Defender Application Guard. Another vulnerability, of the Denial of Service (DoS) type, is present in the LSASS system component (Lsass.exe) and allows an attacker to cause Windows to freeze by sending a specially crafted request. Important.
Update MS16-138 fixes four LPE vulnerabilities in the Virtual Hard Disk driver on Windows 8.1 and later. They allow attackers to execute their code on the system with maximum (SYSTEM) privileges. Important.
The MS16-139 update fixes one LPE vulnerability in the kernel of Windows Vista and later. It is present in a kernel API function and allows attackers to elevate their privileges on the system. Important.
The MS16-140 update fixes the Security Feature Bypass (SFB) vulnerability CVE-2016-7247 in the Windows boot firmware responsible for implementing the Secure Boot mechanism during the early boot of Windows 8.1 and later. The vulnerability is present in the boot policy code and, if successfully exploited, allows the digital signature verification of loaded modules to be disabled. Important.
The MS16-142 update fixes multiple vulnerabilities in Internet Explorer 9-11. Most of them are of the RCE type and allow attackers to remotely execute code in the browser using a specially crafted web page. Critical.
We recommend that our users install the updates as soon as possible and, if they have not already done so, enable automatic delivery of updates via Windows Update (this option is enabled by default).
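The following read-only PowerShell check is an added example and not part of the original post or of any Microsoft tooling. It verifies the things this bulletin round touches from the defender's side: whether automatic updates are enabled, whether a given list of updates is installed, whether Secure Boot is on (MS16-140), and whether Virtualization Based Security with Credential Guard is actually running (the VSM issues in MS16-137). The KB identifiers in $ExpectedKBs are placeholders, since the post lists bulletin numbers only; the script assumes an elevated PowerShell session on Windows 8.1 or later.

```powershell
# Added example (not from the original post): read-only posture check for the
# items covered by the November bulletins. Run in an elevated PowerShell.
# The KB identifiers below are PLACEHOLDERS; replace them with the KB numbers
# from the bulletins you track (the post gives bulletin IDs only).
$ExpectedKBs = @('KB0000001', 'KB0000002')   # placeholder values, not real KBs

function Get-AutoUpdateStatus {
    # IAutomaticUpdatesSettings.NotificationLevel:
    # 0 = not configured, 1 = disabled, 2 = notify before download,
    # 3 = notify before install, 4 = scheduled install
    $au = New-Object -ComObject 'Microsoft.Update.AutoUpdate'
    $level = $au.Settings.NotificationLevel
    [pscustomobject]@{
        NotificationLevel = $level
        Enabled           = ($level -ge 2)
    }
}

function Get-MissingHotfixes {
    param([string[]]$KBs)
    # Get-HotFix lists installed updates by HotFixID (e.g. "KB1234567")
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    $KBs | Where-Object { $installed -notcontains $_ }
}

function Get-SecureBootStatus {
    # Confirm-SecureBootUEFI returns $true/$false and throws on legacy BIOS
    # systems, where Secure Boot does not exist; report that as $null.
    try { Confirm-SecureBootUEFI } catch { $null }
}

function Get-VsmStatus {
    # Win32_DeviceGuard: VirtualizationBasedSecurityStatus 2 = VBS running;
    # SecurityServicesRunning contains 1 for Credential Guard, 2 for HVCI.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    if (-not $dg) { return $null }   # class absent on editions without VBS
    [pscustomobject]@{
        VbsRunning              = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        CredentialGuard         = ($dg.SecurityServicesRunning -contains 1)
        HypervisorCodeIntegrity = ($dg.SecurityServicesRunning -contains 2)
    }
}

$au = Get-AutoUpdateStatus
Write-Host "Automatic updates enabled: $($au.Enabled) (notification level $($au.NotificationLevel))"

$missing = Get-MissingHotfixes -KBs $ExpectedKBs
if ($missing) { Write-Host "Missing updates: $($missing -join ', ')" }
else          { Write-Host "All listed updates are installed" }

$sb = Get-SecureBootStatus
Write-Host "Secure Boot enabled: $(if ($null -eq $sb) { 'n/a (legacy BIOS)' } else { $sb })"

$vsm = Get-VsmStatus
if ($vsm) {
    Write-Host "VBS running: $($vsm.VbsRunning); Credential Guard: $($vsm.CredentialGuard); HVCI: $($vsm.HypervisorCodeIntegrity)"
} else {
    Write-Host "Virtualization Based Security not available on this system"
}
```

A notification level of 1 means automatic updates have been disabled by policy or by the user, which is the setting the recommendation above asks to reverse; the Credential Guard flag only tells you the service is running, not that the host is patched against the VSM information-disclosure issue, so both checks belong together.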
Be secure.