Patch Tuesday Webinar
Wednesday, December 14th, 2016
Chris Goettl • Sara Otremba • Ryan Worlton
Dial In: 1-855-749-4750 (US)
Attendees: 921 738 737
Agenda
1. December 2016 Patch Tuesday Overview
2. Known Issues
3. Bulletins
4. Q & A
Best Practices
Privilege Management Mitigates Impact of many exploits
High Threat Level vulnerabilities warrant fast rollout. 2 weeks or less is ideal to reduce exposure.
User Targeted – Whitelisting and Containerization mitigate
Industry News
Is Edge the most secure browser? Microsoft likes to claim so, but researchers are arguing otherwise. Edge SMARTSCREEN can apparently be used to scam users into clicking malicious links. https://www.onmsft.com/news/flaw-in-microsoft-edge-can-turn-smartscreen-into-scamming-device-say-researchers
Mozilla Zero Day! Update 50.0.2 was released on November 30th. If you have not already, update your Mozilla browsers. http://www.zdnet.com/article/firefox-zero-day-mozilla-tor-issue-critical-patches-to-block-active-attacks/
Adobe Flash Zero Day update released on Patch Tuesday. https://threatpost.com/adobe-patches-flash-zero-day-under-attack/121567/
November patches had a number of known issues reported later in the month. Most seem to involve Lenovo hardware, for which an update is available. https://technet.microsoft.com/en-us/library/security/ms16-nov.aspx
Some Lenovo servers do not start after this update is installed. Lenovo is aware of this problem and has released a UEFI update to address it. In the interim, Microsoft has changed the detection logic in the update to prevent additional customers from being affected. For more information, see https://support.lenovo.com/us/en/solutions/ht502912.
CSWU-043: Cumulative update for Windows 10: December, 2016
Maximum Severity: Critical
Affected Products: Windows 10, Edge, Internet Explorer
Description: This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are described in the following Microsoft security bulletins and advisory: MS16-144, MS16-145, MS16-147, MS16-149, MS16-150, MS16-151, MS16-152, MS16-153
Impact: Remote Code Execution, Elevation of Privilege
Fixes 26 vulnerabilities:
CVE-2016-7202, CVE-2016-7278, CVE-2016-7279, CVE-2016-7281, CVE-2016-7282, CVE-2016-7283, CVE-2016-7284, CVE-2016-7287, CVE-2016-7181, CVE-2016-7206, CVE-2016-7280, CVE-2016-7286, CVE-2016-7288, CVE-2016-7296, CVE-2016-7297, CVE-2016-7257, CVE-2016-7272, CVE-2016-7273, CVE-2016-7274, CVE-2016-7219, CVE-2016-7292, CVE-2016-7271, CVE-2016-7259, CVE-2016-7260, CVE-2016-7258, CVE-2016-7295
Restart Required: Requires Restart
SB16-005, SB16-006, SB16-007: December, 2016 Security Only Update
Maximum Severity: Critical
Affected Products: Windows, Internet Explorer
Description: This update is the Security Only Quality Update for Windows 7, 8.1, Server 2008 R2, 2012, and 2012 R2 systems: MS16-144, MS16-146, MS16-147, MS16-149, MS16-151, MS16-153
Impact: Remote Code Execution, Elevation of Privilege
Fixes 17 vulnerabilities:
CVE-2016-7202, CVE-2016-7278, CVE-2016-7279, CVE-2016-7281, CVE-2016-7282, CVE-2016-7283, CVE-2016-7284, CVE-2016-7287, CVE-2016-7257, CVE-2016-7272, CVE-2016-7273, CVE-2016-7274, CVE-2016-7219, CVE-2016-7292, CVE-2016-7259, CVE-2016-7260, CVE-2016-7295
Restart Required: Requires Restart
CR16-005, CR16-006, CR16-007: December, 2016 Security Monthly Quality Update
Maximum Severity: Critical
Affected Products: Windows, Internet Explorer
Description: This update is the Security Only Quality Update for Windows 7, 8.1, Server 2008 R2, 2012, and 2012 R2 systems: MS16-144, MS16-146, MS16-147, MS16-149, MS16-151, MS16-153
Impact: Remote Code Execution, Elevation of Privilege
Fixes 17 vulnerabilities:
CVE-2016-7202, CVE-2016-7278, CVE-2016-7279, CVE-2016-7281, CVE-2016-7282, CVE-2016-7283, CVE-2016-7284, CVE-2016-7287, CVE-2016-7257, CVE-2016-7272, CVE-2016-7273, CVE-2016-7274, CVE-2016-7219, CVE-2016-7292, CVE-2016-7259, CVE-2016-7260, CVE-2016-7295
Restart Required: Requires Restart
MS16-144: Cumulative Security Update for Internet Explorer (3204059)
Maximum Severity: Critical
Affected Products: IE
Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Impact: Remote Code Execution
Fixes 9 vulnerabilities:
CVE-2016-7202 (Publicly Disclosed), CVE-2016-7278, CVE-2016-7279, CVE-2016-7281 (Publicly Disclosed), CVE-2016-7282 (Publicly Disclosed), CVE-2016-7283, CVE-2016-7284, CVE-2016-7287
Restart Required: Requires Restart
MS16-145: Cumulative Security Update for Microsoft Edge (3204062)
Maximum Severity: Critical
Affected Products: Edge
Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.
Impact: Remote Code Execution
Fixes 10 vulnerabilities:
CVE-2016-7206 (Publicly Disclosed), CVE-2016-7279, CVE-2016-7280, CVE-2016-7281 (Publicly Disclosed), CVE-2016-7282 (Publicly Disclosed), CVE-2016-7286, CVE-2016-7287, CVE-2016-7288, CVE-2016-7296, CVE-2016-7297
Restart Required: Requires Restart
MS16-146: Security Update for Microsoft Graphics Component (3204066)
Maximum Severity: Critical
Affected Products: Windows
Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Impact: Remote Code Execution
Fixes 3 vulnerabilities:
CVE-2016-7257, CVE-2016-7272, CVE-2016-7273
Restart Required: Requires Restart
MS16-147: Security Update for Microsoft Uniscribe (3204063)
Maximum Severity: Critical
Affected Products: Windows
Description: This security update resolves a vulnerability in Windows Uniscribe. The vulnerability could allow remote code execution if a user visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Impact: Remote Code Execution
Fixes 1 vulnerability:
CVE-2016-7274
Restart Required: Requires Restart
MS16-148: Security Update for Microsoft Office (3204068)
Maximum Severity: Critical
Affected Products: Office, SharePoint and Office WebApps
Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Impact: Remote Code Execution
Fixes 16 vulnerabilities:
CVE-2016-7257, CVE-2016-7262, CVE-2016-7263, CVE-2016-7264, CVE-2016-7265, CVE-2016-7266, CVE-2016-7267, CVE-2016-7268, CVE-2016-7275, CVE-2016-7276, CVE-2016-7277, CVE-2016-7289, CVE-2016-7290, CVE-2016-7291, CVE-2016-7298, CVE-2016-7300
Restart Required: May Require Restart
MS16-154: Security Update for Adobe Flash Player (3209498)
Maximum Severity: Critical
Affected Products: Windows, Adobe Flash Player
Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.
Impact: Remote Code Execution
Fixes 17 vulnerabilities:
CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870, CVE-2016-7871, CVE-2016-7872, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876, CVE-2016-7877, CVE-2016-7878, CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7890, CVE-2016-7892
Restart Required: Requires Restart
MS16-155: Security Update for .NET Framework (3205640)
Maximum Severity: Important
Affected Products: Windows, .NET Framework
Description: This security update resolves a vulnerability in Microsoft .NET 4.6.2 Framework’s Data Provider for SQL Server. A security vulnerability exists in Microsoft .NET Framework 4.6.2 that could allow an attacker to access information that is defended by the Always Encrypted feature.
Impact: Information Disclosure
Fixes 1 vulnerability:
CVE-2016-7270 (Publicly Disclosed)
Restart Required: Requires Restart
APSB16-39: Security Update for Adobe Flash Player
Maximum Severity: Critical
Affected Products: Adobe Flash Player Desktop Runtime, Google Chrome, Microsoft Edge and Internet Explorer 11 and Adobe Flash Player for Linux
Description: This security update resolves use-after-free vulnerabilities that could lead to code execution, buffer overflow vulnerabilities and memory corruption issues in Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS.
Impact: Remote Code Execution
Fixes 17 vulnerabilities:
CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870, CVE-2016-7871, CVE-2016-7872, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876, CVE-2016-7877, CVE-2016-7878, CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7890, CVE-2016-7892 (exploited in the wild)
Restart Required: Requires Restart
2016-94: Security Update for Mozilla Firefox 50.1
Maximum Severity: Critical
Affected Products: Firefox
Description: This security update resolves a number of issues including use-after-free vulnerabilities that could lead to code execution, buffer overflow vulnerabilities and memory corruption issues. If you have not already applied 50.0.2, zero day (CVE-2016-9079) which was released on November 30th.
Impact: Remote Code Execution
Fixes 13 vulnerabilities:
CVE-2016-9893, CVE-2016-9080, CVE-2016-9903, CVE-2016-9902, CVE-2016-9901, CVE-2016-9904, CVE-2016-9900, CVE-2016-9898, CVE-2016-9897, CVE-2016-9896, CVE-2016-9895, CVE-2016-9899, CVE-2016-9894
Restart Required: Requires Restart
MS16-149: Security Update for Microsoft Windows (3205655)
Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if a locally authenticated attacker runs a specially crafted application.
Impact: Elevation of Privilege
Fixes 2 vulnerabilities:
CVE-2016-7219, CVE-2016-7292
Restart Required: Requires Restart
MS16-150: Security Update for Secure Kernel Mode (3205642)
Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if a locally-authenticated attacker runs a specially crafted application on a targeted system. An attacker who successfully exploited the vulnerability could violate virtual trust levels (VTL).
Impact: Elevation of Privilege
Fixes 1 vulnerability:
CVE-2016-7271
Restart Required: Requires Restart
MS16-151: Security Update for Windows Kernel-Mode Drivers (3205651)
Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.
Impact: Elevation of Privilege
Fixes 2 vulnerabilities:
CVE-2016-7259, CVE-2016-7260
Restart Required: Requires Restart
MS16-152: Security Update for Windows Kernel (3199709)
Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when the Windows kernel improperly handles objects in memory.
Impact: Information Disclosure
Fixes 1 vulnerability:
CVE-2016-7258
Restart Required: Requires Restart
MS16-153: Security Update for Common Log File System Driver (3207328)
Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to bypass security measures on the affected system allowing further exploitation.
Impact: Information Disclosure
Fixes 1 vulnerability:
CVE-2016-7295
Restart Required: Requires Restart
Between Patch Tuesdays
New Product Support: Microsoft Enhanced Mitigation Experience Toolkit, Adobe Creative Cloud, TreeSize Free, SQL Server 2016 SP1
Security Updates: Chrome (3), Skype (2), Tomcat (5), Firefox (3), VMware Player (1), Microsoft (2), Foxit (2), Wireshark (1), Notepad++ (2), Thunderbird (2), Opera (1), TortoiseSVN (1), FileZilla (2)
Non-Security Updates: AutoCAD Map (1), Dropbox (2), GoodSync (7), Microsoft (44), CCleaner (2), Slack Machine-Wide Installer (3), Foxit Phantom (1), Xmind (1), Google Drive (2), CDBurnerXP (1), NitroPro (1), PDFCreator (1), RealVNC Connect (1), Adobe Creative Cloud (1), GoToMeeting (1), HipChat (2), TreeSize Free (1), TeamViewer (1), WinSCP (1), PDF-Xchange Pro (1), Programmers Notepad (1), Citrix Receiver (1), Malwarebytes (1), WebEx Productivity Tools (1)
Security Tools:
Software Distribution: Windows Management Framework
Resources and Webinars
Get Shavlik Content Updates
Get Social with Shavlik
Sign up for next month's Patch Tuesday Webinar
Watch previous webinars and download presentations.
Thank you