Spring is in the air and so are a number of bulletins! This month’s Patch Tuesday consists of 13 security bulletins – six critical and seven important – that remediate a total of 44 vulnerabilities. Although the number of security bulletins is one of the highest seen this year, the overall number of fixes remains relatively low. This is good news for organizations ramping up their business activities this spring.
One of the critical bulletins (MS16-023) resolves 13 vulnerabilities in Internet Explorer. Surprisingly, five resolve issues in Internet Explorer 9, which was scheduled to be decommissioned back in January. Organizations using a browser older than Internet Explorer 11 can breathe a sigh of relief as their browsers are updated for the second month in a row. Regardless of this update, it’s highly recommended to plan your migration to a new browser sooner rather than later.
In addition to the browser updates, there are five other Remote Code Execution Vulnerabilities and four Elevations of Privilege, which should be a priority. All 13 patches recommend a reboot to ensure the vulnerability has been remediated. Unfortunately, this will be a headache for your users.
Adobe to Release 6 Updates
February’s Microsoft updates contained a patch that specifically secures Flash within Microsoft Office. Adobe had its own updates for February in the release of APSB16-04 and will release six more updates with priority two classification this month.
As a point of interest, these vulnerabilities are not yet being exploited. Products affected by these critical vulnerabilities include Acrobat DC and Acrobat Reader DC 15.010.20059, Acrobat and Acrobat Reader DC 15.006.30119 and Acrobat XI and Reader XI 11.0.14, along with earlier versions. Adobe is known for routinely sending patch updates to all its products, with most vulnerabilities being discovered in-house.
Near the end of 2015, Adobe released 70-plus patches between October and December. There were 77 released in December for Flash alone! They were all rated critical, and with the growing use of Flash by websites, this is a major concern for end users.
An article published in Security Week noted how Adobe released updates to patch a total of 460 vulnerabilities, which included more than 100 in Acrobat and Reader. The company fixed these with three security updates that were issued in May, July and October. Acrobat and Reader received security patches for 17 exploits, which also included memory corruption vulnerabilities. It seems obvious that these vulnerability numbers will only get higher. Hopefully, Adobe will soon provide a solution to combat this issue.
Verismic recommends the following vulnerabilities be prioritized this month using vendor severity and CVSS scores: MS16-023 through MS16-030, paying particular attention to MS16-023, which addresses memory corruption in Internet Explorer.
MS16-023 resolves vulnerabilities in Internet Explorer. If exploited, this vulnerability could allow remote-code execution if a user views a specially crafted web page using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If this vulnerability is exploited on an administrator’s machine, the attacker will be able to create spoof admin accounts, enabling them to take control of this system and others, remove AV protection and potentially steal data.
The most severe of the vulnerabilities for MS16-024 could allow remote-code execution if a user views a specially crafted webpage using Microsoft Edge. It’s important to note that only Windows 10 is affected. This update resolves 11 vulnerabilities, the second highest in this baseline, and does require a reboot.
Exploiting MS16-025 could allow remote-code execution if Microsoft Windows fails to validate the input before loading certain libraries. However, this only impacts Windows Vista and Server 2008. This vulnerability is unlikely to reach mainstream companies.
MS16-026, MS16-027 and MS16-028 are similar in that they can only be exploited on a network if an attacker convinces a user to open a specially crafted document. A restart is recommended to complete this update.
An attacker who successfully exploited MS16-029 or MS16-030 could run arbitrary code in the context of the current user. However, those accounts that are configured to have fewer user rights on the system could be less impacted than those that operate with administrative user rights.
MS16-031 resolves a vulnerability in Microsoft Windows. The vulnerability could allow Elevation of Privilege if an attacker is able to log on to a target system and run a specially crafted application. A reboot is required to complete this update.
MS16-032 is marked as important and updates the Secondary Logon service to address an Elevation of Privilege vulnerability, which affects all supported versions of Windows. The vulnerability can be exploited if the Secondary Logon service fails to manage memory requests correctly. A restart is recommended to complete this update.
MS16-033 resolves vulnerabilities involving external access devices, specifically specially crafted USB devices. If inserted into a system, they could allow the attacker elevated-privilege access to that system. This patch is rated important, and a restart is recommended to complete this update.
MS16-034 blocks Elevation of Privilege if an attacker logs into the system and runs a specially crafted application to attack Windows Kernel-Mode drivers. It is rated important, and a restart is required to complete this update.
MS16-035 marks the third month in a row that Microsoft has released a similar .NET Framework update. This vulnerability allows the security features of .NET to be bypassed using a specially crafted XML document and is marked as important. A restart is recommended to complete this update.
Read the full article at channelpartners.com.