december2016 patchtuesdayshavlik

Patch Tuesday Webinar Wednesday, December 14th, 2016 Chris Goettl Sara Otremba Ryan Worlton Dial In: 1-855-749-4750 (US) Attendees: 921 738 737

Upload: landesk

Post on 16-Apr-2017


Agenda

1. December 2016 Patch Tuesday Overview
2. Known Issues
3. Bulletins
4. Q & A

Best Practices

Privilege Management Mitigates Impact of many exploits

High Threat Level vulnerabilities warrant fast rollout. 2 weeks or less is ideal to reduce exposure.

User Targeted – Whitelisting and Containerization mitigate


Industry News

Is Edge the most secure browser? Microsoft likes to claim so, but researchers are arguing otherwise. Edge's SmartScreen can apparently be used to scam users into clicking malicious links. https://www.onmsft.com/news/flaw-in-microsoft-edge-can-turn-smartscreen-into-scamming-device-say-researchers

Mozilla Zero Day! Update 50.0.2 was released on November 30th. If you have not already, update your Mozilla browsers. http://www.zdnet.com/article/firefox-zero-day-mozilla-tor-issue-critical-patches-to-block-active-attacks/

Adobe Flash Zero Day update released on Patch Tuesday. https://threatpost.com/adobe-patches-flash-zero-day-under-attack/121567/

The November patches had a number of known issues reported later in the month. Most seem to involve Lenovo hardware, for which an update is available. https://technet.microsoft.com/en-us/library/security/ms16-nov.aspx

Some Lenovo servers do not start after this update is installed. Lenovo is aware of this problem and has released a UEFI update to address it. In the interim, Microsoft has changed the detection logic in the update to prevent additional customers from being affected. For more information, see https://support.lenovo.com/us/en/solutions/ht502912.

CSWU-043: Cumulative update for Windows 10: December, 2016

Maximum Severity: Critical
Affected Products: Windows 10, Edge, Internet Explorer
Description: This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are described in the following Microsoft security bulletins and advisory: MS16-144, MS16-145, MS16-147, MS16-149, MS16-150, MS16-151, MS16-152, MS16-153

Impact: Remote Code Execution, Elevation of Privilege
Fixes 26 vulnerabilities:

CVE-2016-7202, CVE-2016-7278, CVE-2016-7279, CVE-2016-7281, CVE-2016-7282, CVE-2016-7283, CVE-2016-7284, CVE-2016-7287, CVE-2016-7181, CVE-2016-7206, CVE-2016-7280, CVE-2016-7286, CVE-2016-7288, CVE-2016-7296, CVE-2016-7297, CVE-2016-7257, CVE-2016-7272, CVE-2016-7273, CVE-2016-7274, CVE-2016-7219, CVE-2016-7292, CVE-2016-7271, CVE-2016-7259, CVE-2016-7260, CVE-2016-7258, CVE-2016-7295

Restart Required: Requires Restart

SB16-005, SB16-006, SB16-007: December, 2016 Security Only Update

Maximum Severity: Critical
Affected Products: Windows, Internet Explorer
Description: This update is the Security Only Quality Update for Windows 7, 8.1, Server 2008 R2, 2012, and 2012 R2 systems: MS16-144, MS16-146, MS16-147, MS16-149, MS16-151, MS16-153

Impact: Remote Code Execution, Elevation of Privilege
Fixes 17 vulnerabilities:

CVE-2016-7202, CVE-2016-7278, CVE-2016-7279, CVE-2016-7281, CVE-2016-7282, CVE-2016-7283, CVE-2016-7284, CVE-2016-7287, CVE-2016-7257, CVE-2016-7272, CVE-2016-7273, CVE-2016-7274, CVE-2016-7219, CVE-2016-7292, CVE-2016-7259, CVE-2016-7260, CVE-2016-7295

Restart Required: Requires Restart

CR16-005, CR16-006, CR16-007: December, 2016 Security Monthly Quality Update

Maximum Severity: Critical
Affected Products: Windows, Internet Explorer
Description: This update is the Security Only Quality Update for Windows 7, 8.1, Server 2008 R2, 2012, and 2012 R2 systems: MS16-144, MS16-146, MS16-147, MS16-149, MS16-151, MS16-153

Impact: Remote Code Execution, Elevation of Privilege
Fixes 17 vulnerabilities:

CVE-2016-7202, CVE-2016-7278, CVE-2016-7279, CVE-2016-7281, CVE-2016-7282, CVE-2016-7283, CVE-2016-7284, CVE-2016-7287, CVE-2016-7257, CVE-2016-7272, CVE-2016-7273, CVE-2016-7274, CVE-2016-7219, CVE-2016-7292, CVE-2016-7259, CVE-2016-7260, CVE-2016-7295

Restart Required: Requires Restart

MS16-144: Cumulative Security Update for Internet Explorer (3204059)

Maximum Severity: Critical
Affected Products: IE
Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Impact: Remote Code Execution
Fixes 9 vulnerabilities:

CVE-2016-7202 (Publicly Disclosed), CVE-2016-7278, CVE-2016-7279, CVE-2016-7281 (Publicly Disclosed), CVE-2016-7282 (Publicly Disclosed), CVE-2016-7283, CVE-2016-7284, CVE-2016-7287

Restart Required: Requires Restart

MS16-145: Cumulative Security Update for Microsoft Edge (3204062)

Maximum Severity: Critical
Affected Products: Edge
Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.

Impact: Remote Code Execution
Fixes 10 vulnerabilities:

CVE-2016-7206 (Publicly Disclosed), CVE-2016-7279, CVE-2016-7280, CVE-2016-7281 (Publicly Disclosed), CVE-2016-7282 (Publicly Disclosed), CVE-2016-7286, CVE-2016-7287, CVE-2016-7288, CVE-2016-7296, CVE-2016-7297

Restart Required: Requires Restart

MS16-146: Security Update for Microsoft Graphics Component (3204066)

Maximum Severity: Critical
Affected Products: Windows
Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Impact: Remote Code Execution
Fixes 3 vulnerabilities:

CVE-2016-7257, CVE-2016-7272, CVE-2016-7273

Restart Required: Requires Restart

MS16-147: Security Update for Microsoft Uniscribe (3204063)

Maximum Severity: Critical
Affected Products: Windows
Description: This security update resolves a vulnerability in Windows Uniscribe. The vulnerability could allow remote code execution if a user visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Impact: Remote Code Execution
Fixes 1 vulnerability:

CVE-2016-7274

Restart Required: Requires Restart

MS16-148: Security Update for Microsoft Office (3204068)

Maximum Severity: Critical
Affected Products: Office, SharePoint and Office WebApps
Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Impact: Remote Code Execution
Fixes 16 vulnerabilities:

CVE-2016-7257, CVE-2016-7262, CVE-2016-7263, CVE-2016-7264, CVE-2016-7265, CVE-2016-7266, CVE-2016-7267, CVE-2016-7268, CVE-2016-7275, CVE-2016-7276, CVE-2016-7277, CVE-2016-7289, CVE-2016-7290, CVE-2016-7291, CVE-2016-7298, CVE-2016-7300

Restart Required: May Require Restart

MS16-154: Security Update for Adobe Flash Player (3209498)

Maximum Severity: Critical
Affected Products: Windows, Adobe Flash Player
Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.

Impact: Remote Code Execution
Fixes 17 vulnerabilities:

CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870, CVE-2016-7871, CVE-2016-7872, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876, CVE-2016-7877, CVE-2016-7878, CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7890, CVE-2016-7892

Restart Required: Requires Restart

MS16-155: Security Update for .NET Framework (3205640)

Maximum Severity: Important
Affected Products: Windows, .NET Framework
Description: This security update resolves a vulnerability in Microsoft .NET 4.6.2 Framework’s Data Provider for SQL Server. A security vulnerability exists in Microsoft .NET Framework 4.6.2 that could allow an attacker to access information that is defended by the Always Encrypted feature.

Impact: Information Disclosure
Fixes 1 vulnerability:

CVE-2016-7270 (Publicly Disclosed)

Restart Required: Requires Restart

APSB16-39: Security Update for Adobe Flash Player

Maximum Severity: Critical
Affected Products: Adobe Flash Player Desktop Runtime, Google Chrome, Microsoft Edge and Internet Explorer 11 and Adobe Flash Player for Linux
Description: This security update resolves use-after-free vulnerabilities that could lead to code execution, buffer overflow vulnerabilities and memory corruption issues in Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS.

Impact: Remote Code Execution
Fixes 17 vulnerabilities:

CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870, CVE-2016-7871, CVE-2016-7872, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876, CVE-2016-7877, CVE-2016-7878, CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7890, CVE-2016-7892 (exploited in the wild)

Restart Required: Requires Restart

2016-94: Security Update for Mozilla Firefox 50.1

Maximum Severity: Critical
Affected Products: Firefox
Description: This security update resolves a number of issues including use-after-free vulnerabilities that could lead to code execution, buffer overflow vulnerabilities and memory corruption issues. If you have not already applied 50.0.2, the zero-day (CVE-2016-9079) fix released on November 30th, update now.

Impact: Remote Code Execution
Fixes 13 vulnerabilities:

CVE-2016-9893, CVE-2016-9080, CVE-2016-9903, CVE-2016-9902, CVE-2016-9901, CVE-2016-9904, CVE-2016-9900, CVE-2016-9898, CVE-2016-9897, CVE-2016-9896, CVE-2016-9895, CVE-2016-9899, CVE-2016-9894

Restart Required: Requires Restart

MS16-149: Security Update for Microsoft Windows (3205655)

Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if a locally authenticated attacker runs a specially crafted application.

Impact: Elevation of Privilege
Fixes 2 vulnerabilities:

CVE-2016-7219, CVE-2016-7292

Restart Required: Requires Restart

MS16-150: Security Update for Secure Kernel Mode (3205642)

Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if a locally-authenticated attacker runs a specially crafted application on a targeted system. An attacker who successfully exploited the vulnerability could violate virtual trust levels (VTL).

Impact: Elevation of Privilege
Fixes 1 vulnerability:

CVE-2016-7271

Restart Required: Requires Restart

MS16-151: Security Update for Windows Kernel-Mode Drivers (3205651)

Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

Impact: Elevation of Privilege
Fixes 2 vulnerabilities:

CVE-2016-7259, CVE-2016-7260

Restart Required: Requires Restart

MS16-152: Security Update for Windows Kernel (3199709)

Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when the Windows kernel improperly handles objects in memory.

Impact: Information Disclosure
Fixes 1 vulnerability:

CVE-2016-7258

Restart Required: Requires Restart

MS16-153: Security Update for Common Log File System Driver (3207328)

Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to bypass security measures on the affected system allowing further exploitation.

Impact: Information Disclosure
Fixes 1 vulnerability:

CVE-2016-7295

Restart Required: Requires Restart

Between Patch Tuesdays

New Product Support: Microsoft Enhanced Mitigation Experience Toolkit, Adobe Creative Cloud, TreeSize Free, SQL Server 2016 SP1

Security Updates: Chrome (3), Skype (2), Tomcat (5), Firefox (3), VMware Player (1), Microsoft (2), Foxit (2), Wireshark (1), Notepad++ (2), Thunderbird (2), Opera (1), TortoiseSVN (1), FileZilla (2)

Non-Security Updates: AutoCAD Map (1), Dropbox (2), GoodSync (7), Microsoft (44), CCleaner (2), Slack Machine-Wide Installer (3), Foxit Phantom (1), Xmind (1), Google Drive (2), CDBurnerXP (1), NitroPro (1), PDFCreator (1), RealVNC Connect (1), Adobe Creative Cloud (1), GoToMeeting (1), HipChat (2), TreeSize Free (1), TeamViewer (1), WinSCP (1), PDF-Xchange Pro (1), Programmers Notepad (1), Citrix Receiver (1), Malwarebytes (1), WebEx Productivity Tools (1)

Security Tools:

Software Distribution: Windows Management Framework

Resources and Webinars

Get Shavlik Content Updates

Get Social with Shavlik

Sign up for next month's Patch Tuesday Webinar

Watch previous webinars and download presentations.

Thank you