
Today’s VERT Alert addresses 10 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-693 on Wednesday, October 12th.

EASE OF USE (PUBLISHED EXPLOITS) TO RISK TABLE

Exposure categories: Local Availability, Local Access, Remote Availability, Remote Access, Local Privileged, Remote Privileged

Automated Exploit: (none)
Easy: (none)
Moderate: (none)
Difficult: MS16-118, MS16-119, MS16-120, MS16-121
Extremely Difficult: (none)
No Known Exploit: MS16-126, MS16-122, MS16-127, MS16-123, MS16-124, MS16-125

MS16-118 Cumulative Security Update for Internet Explorer KB3192887
MS16-119 Cumulative Security Update for Microsoft Edge KB3192890
MS16-120 Security Update for Microsoft Graphics Component KB3192884
MS16-121 Security Update for Microsoft Office KB3194063
MS16-122 Security Update for Microsoft Video Control KB3195260
MS16-123 Security Update for Windows Kernel-Mode Drivers KB3192892
MS16-124 Security Update for Windows Registry KB3193227
MS16-125 Security Update for Windows Diagnostics Hub KB3193229
MS16-126 Security Update for Microsoft Internet Messaging API KB3196067
MS16-127 Security Update for Adobe Flash Player KB3194343

MS16-118

Up first this month, we have the typical Internet Explorer update. We also have a historic bulletin, as MS16-118 will go down in history as the first bulletin to contain a reference to the Monthly Roll-up and Security Only bundles from Microsoft. The bulletin itself is relatively standard without any real surprises. The only real note is that for CVE-2016-3298, both MS16-118 and MS16-126 must be installed on Windows Vista and Server 2008 platforms.

CVE-2016-3298 has been exploited.

MS16-119

The monthly Edge update is a rather typical roundup of Edge-related vulnerabilities with the usual selection of issues that also impact Internet Explorer. Interestingly, while both browsers are impacted by a publicly exploited vulnerability, they are different vulnerabilities.

CVE-2016-7189 has been exploited.

MS16-120

Up next, we have an exercise in complexity. The Microsoft Graphics Component update fixes vulnerabilities related to TTF, GDI+, and Win32k across a number of products including Windows, .NET, Office, Lync, and Silverlight. The end result is a massive number of available patches and updates.

CVE-2016-3393 has been exploited.

MS16-121

This month’s Office update resolves a single vulnerability impacting all supported versions of Office. Attackers could exploit this vulnerability with a malicious RTF file.

CVE-2016-7193 has been exploited.

MS16-122

MS16-122 resolves a single vulnerability in the Microsoft Video Control. This vulnerability can be exploited via the Preview Pane, which is why it has been identified as critical.

MS16-123

Up next, we have a security update for Windows Kernel-Mode drivers. This is a great bulletin to demonstrate the intended benefit of the new Monthly Roll-up from Microsoft. You can see that multiple patches are required for Windows Vista and Server 2008, while newer platforms offer two choices: the monthly roll-up or the security-only update.

MS16-124

The MS16-124 bulletin fixes a number of issues with the Windows Kernel API and Windows Registry that allow authenticated users to gain access to information that should be restricted.

MS16-125

A single vulnerability in the Windows Diagnostics Hub that could allow privilege elevation on Windows 10 is patched in MS16-125. A custom application could be executed on the host that will incorrectly load malicious libraries, leading to full control of the system.

MS16-126

The penultimate update this month resolves a vulnerability in the Microsoft Internet Messaging API. This is the second update required alongside MS16-118 to resolve CVE-2016-3298 on Windows Vista and Server 2008.

CVE-2016-3298 has been exploited.

MS16-127

The final update this month resolves a number of vulnerabilities in Adobe Flash. The vulnerabilities covered in MS16-127 are also covered by Adobe Security Bulletin APSB16-32.

As always, VERT recommends that you apply all the patches as soon as possible but also that you fully vet patches (when possible) before applying them to production systems.
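An added example, not from VERT or Microsoft: a Python check that runs a patch inventory against the four exploited CVEs named above, including the note under MS16-118 and MS16-126 that CVE-2016-3298 needs both bulletins on Windows Vista and Server 2008. The host records, their field names, the rule that a CVE is skipped when its primary bulletin does not apply to a host, and the treatment of MS16-118 alone as sufficient on other platforms are assumptions made for illustration.

```python
# Exploited CVEs named in this alert, mapped to the bulletin carrying the fix.
EXPLOITED = {
    "CVE-2016-3298": "MS16-118",
    "CVE-2016-7189": "MS16-119",
    "CVE-2016-3393": "MS16-120",
    "CVE-2016-7193": "MS16-121",
}
# Per the alert, CVE-2016-3298 also needs MS16-126 on these platforms.
# Assumption: on any other platform MS16-118 alone is treated as sufficient.
DUAL_FIX = {"CVE-2016-3298": ("MS16-126", {"Windows Vista", "Windows Server 2008"})}

def required_bulletins(cve, os_name):
    """Bulletins that must all be installed before the CVE counts as fixed."""
    needed = {EXPLOITED[cve]}
    extra = DUAL_FIX.get(cve)
    if extra and os_name in extra[1]:
        needed.add(extra[0])
    return needed

def open_exploited_cves(host):
    """Map each exploited CVE still open on this host to its missing bulletins."""
    gaps = {}
    for cve, primary in EXPLOITED.items():
        if primary not in host["applicable"]:
            continue  # assumption: affected product is not present on this host
        missing = required_bulletins(cve, host["os"]) - host["installed"]
        if missing:
            gaps[cve] = missing
    return gaps

def triage(inventory):
    """Hosts with open exploited CVEs, most open CVEs first, then by name."""
    findings = [(h["name"], open_exploited_cves(h)) for h in inventory]
    findings = [f for f in findings if f[1]]
    return sorted(findings, key=lambda f: (-len(f[1]), f[0]))

# Constructed sample inventory (hypothetical hosts and patch states).
INVENTORY = [
    {"name": "vista-kiosk-01", "os": "Windows Vista",
     "applicable": {"MS16-118", "MS16-120", "MS16-121", "MS16-126"},
     "installed": {"MS16-118", "MS16-120", "MS16-121"}},
    {"name": "win10-lt-07", "os": "Windows 10",
     "applicable": {"MS16-118", "MS16-119", "MS16-120", "MS16-121"},
     "installed": {"MS16-118", "MS16-120"}},
    {"name": "srv2012-db", "os": "Windows Server 2012 R2",
     "applicable": {"MS16-118", "MS16-120"},
     "installed": {"MS16-118", "MS16-120"}},
]

if __name__ == "__main__":
    for name, gaps in triage(INVENTORY):
        for cve, missing in sorted(gaps.items()):
            print(f"{name}: {cve} open, missing {', '.join(sorted(missing))}")
```

The Vista host is flagged even though MS16-118 is installed, because MS16-126 is still missing there.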