Skip to content ↓ | Skip to navigation ↓

Today’s VERT Alert addresses 11 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-680 on Wednesday, July 13th.

Ease of Use (published exploits) to Risk Table

Automated Exploit
Easy
Moderate
Difficult
Extremely Difficult
No Known Exploit
MS16-089
MS16-091

MS16-092
MS16-094
MS16-084
MS16-085

MS16-086
MS16-088
MS16-093
MS16-087
MS16-090
Exposure
Local
Availability
Local
Access
Remote
Availability
Remote
Access
Local
Privileged
Remote
Privileged

 

 

MS16-084

Cumulative Security Update for Internet Explorer KB3169991

MS16-085

Cumulative Security Update for Microsoft Edge KB3169999

MS16-086

Cumulative Security Update for JScript and VBScript KB3169996

MS16-087

Security Update for Windows Print Spooler Components KB3170005

MS16-088

Security Update for Microsoft Office KB3170008

MS16-089

Security Update for Windows Secure Kernel Mode KB3170050

MS16-090

Security Update for Windows Kernel-Mode Drivers KB3171481

MS16-091

Security Update for .NET Framework KB3170048

MS16-092

Security Update for Windows Kernel KB3171910

MS16-093

Security Update for Adobe Flash Player KB3174060

MS16-094

Secure Boot Security Feature Bypass Vulnerability KB3175677

MS16-084

This month starts off like most others, with an update that resolves 15 vulnerabilities in Internet Explorer. In a rare occurrence, none of these vulnerabilities have been disclosed publicly this month. Once again, a number of the vulnerabilities overlap with the Microsoft Edge vulnerabilities resolved by MS16-085.

MS16-085

Following the Internet Explorer update, we have the Microsoft Edge update, which contains quite a bit of overlap with the MS16-084 bulletin and only a few unique vulnerabilities. Like Internet Explorer, none of these vulnerabilities were publicly disclosed.

MS16-086

Next, we have an update to JScript and VBScript, another monthly regular lately. You’ll notice overlap with the Internet Explorer. This update only applies to users without Internet Explorer or with IE7 installed; all other users are covered after installing the Internet Explorer update (MS16-084).

MS16-087

One of the more unique bulletins this month is MS16-086, resolving a pair of vulnerabilities affecting the Windows Print Spooler, which hasn’t seen an update in several years. One of these vulnerabilities allows a malicious print server or MitM to install malicious print drivers. The update addresses the vulnerability by issuing a warning to users attempting to install untrusted drivers. This is important to note, as the bulletin does not state that it prevents the installation of these drivers. This means that user education should be associated with this update.

MS16-088

A number of vulnerabilities in both the Microsoft Office Suite and Microsoft Office WebApps are addressed in this bulletin. One of the more important points to pay attention to is the mention that several of the vulnerabilities can be exploited via the Preview Pane. Thankfully, none of the vulnerabilities in this bulletin have been publicly disclosed or exploited.

MS16-089

This next bulletin describes a single information disclosure vulnerability that only affects Windows 10, allowing someone logged into the system to access sensitive information.

MS16-090

Another monthly regular, the Windows Kernel-Mode Drivers bulletin resolves a number of vulnerabilities impacting Win32k.

MS16-091

While we frequently see .NET in the monthly bulletin summary, we rarely see it contain only a single information disclosure vulnerability. The vulnerability could allow an attacker to read files, if they can find an application that will parse their malicious XML file.

MS16-092

A pair of vulnerabilities affecting the Windows Kernel are resolved by MS16-092.

CVE-2016-3272 has been publicly disclosed.

MS16-093

The penultimate update this month, MS16-093, is actually APSB16-025 in disguise and references a number of Adobe Flash Player vulnerabilities.

MS16-094

We end the month with an update to Secure Boot that resolves a vulnerability affecting Windows 8.1 and newer. Given that this vulnerability was disclosed publicly and the bulletin was included after Flash Player, which is traditionally the final bulletin of the month, Microsoft may have moved quickly to release this patch. If that is true, thoroughly test this patch before deploying it in your environment.

CVE-2016-3287 has been publicly disclosed.

Additional Details

Adobe has released APSB16-25 for Flash Player and APSB16-26 for Acrobat and Reader.

As always, VERT recommends that you apply all the patches as soon as possible but also that you fully vet patches (when possible) before applying them to production systems.