February 2016 Shavlik Patch Tuesday Presentation
TRANSCRIPT
Patch Tuesday Webinar
Wednesday, February 10th, 2016
Chris Goettl • Sr. Product Manager
Dial In: 1-855-749-4750 (US) Attendees: 929 080 249
Agenda
February 2016 Patch Tuesday Overview
Known Issues
Bulletins
Q & A
Industry News
DLL Hijacking vulnerability CVE-2016-0603 resolved in Oracle Java out-of-band release. German security researcher has identified many other products that are susceptible.
Flash Player redistribution to require EA with Adobe starting March 1st, 2016 (was February until recently)
CSWU-020: Cumulative Update for Windows 10: February 9, 2016
Maximum Severity: Critical
Affected Products: Windows 10, Edge, Internet Explorer
Description: This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are described in the following Microsoft security bulletins and advisory: MS16-009, MS16-011, MS16-012, MS16-013, MS16-014, MS16-016, MS16-017, MS16-018, MS16-019, and MS16-022.
Impact: Remote Code Execution, Elevation of Privilege, Denial of Service
Fixes 26 vulnerabilities:
CVE-2016-0033, CVE-2016-0036, CVE-2016-0038, CVE-2016-0040 (Publicly Disclosed), CVE-2016-0041, CVE-2016-0042, CVE-2016-0044, CVE-2016-0046, CVE-2016-0047, CVE-2016-0048, CVE-2016-0049, CVE-2016-0051, CVE-2016-0058, CVE-2016-0059, CVE-2016-0060, CVE-2016-0061, CVE-2016-0062, CVE-2016-0063, CVE-2016-0064, CVE-2016-0067, CVE-2016-0068, CVE-2016-0069, CVE-2016-0071, CVE-2016-0072, CVE-2016-0077, CVE-2016-0080, CVE-2016-0084
Restart Required: Requires Restart
MS16-009: Cumulative Security Update for Internet Explorer (3134220)
Maximum Severity: Critical
Affected Products: Internet Explorer
Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Impact: Remote Code Execution
Fixes 13 vulnerabilities:
CVE-2016-0041, CVE-2016-0059, CVE-2016-0060, CVE-2016-0061, CVE-2016-0062, CVE-2016-0063, CVE-2016-0064, CVE-2016-0067, CVE-2016-0068, CVE-2016-0069, CVE-2016-0071, CVE-2016-0072, CVE-2016-0077
Restart Required: Requires Restart
MS16-011: Cumulative Security Update for Microsoft Edge (3134225)
Maximum Severity: Critical
Affected Products: Edge
Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Impact: Remote Code Execution
Fixes 6 vulnerabilities:
CVE-2016-0060, CVE-2016-0061, CVE-2016-0062, CVE-2016-0077, CVE-2016-0080, CVE-2016-0084
Restart Required: Requires Restart
MS16-012: Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3138938)
Maximum Severity: Critical
Affected Products: Microsoft Windows
Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if Microsoft Windows PDF Library improperly handles application programming interface (API) calls, which could allow an attacker to run arbitrary code on the user’s system. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. However, an attacker would have no way to force users to download or open a malicious PDF document.
Impact: Remote Code Execution
Fixes 2 vulnerabilities:
CVE-2016-0046, CVE-2016-0058
Restart Required: May Require Restart
MS16-013: Security Update for Windows Journal to Address Remote Code Execution (3134811)
Maximum Severity: Critical
Affected Products: Microsoft Windows
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Impact: Remote Code Execution
Fixes 1 vulnerability:
CVE-2016-0038
Restart Required: May Require Restart
MS16-014: Security Update for Microsoft Windows to Address Remote Code Execution (3134228)
Maximum Severity: Important
Affected Products: Microsoft Windows
Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker is able to log on to a target system and run a specially crafted application.
Impact: Remote Code Execution
Fixes 5 vulnerabilities:
CVE-2016-0040 (Publicly Disclosed), CVE-2016-0041, CVE-2016-0042, CVE-2016-0044, CVE-2016-0049
Restart Required: Requires Restart
MS16-015: Security Update for Microsoft Office to Address Remote Code Execution (3134226)
Maximum Severity: Critical
Affected Products: Microsoft Office, SharePoint
Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Impact: Remote Code Execution
Fixes 7 vulnerabilities:
CVE-2016-0022, CVE-2016-0039 (Publicly Disclosed), CVE-2016-0052, CVE-2016-0053, CVE-2016-0054, CVE-2016-0055, CVE-2016-0056
Restart Required: May Require Restart
MS16-022: Security Update for Adobe Flash Player (3135782)
Maximum Severity: Critical
Affected Products: Microsoft Windows, Adobe Flash Player
Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
Impact: Remote Code Execution
Fixes 22 vulnerabilities:
Resolved by Adobe Flash Player update. See APSB16-004 bulletin for details.
Restart Required:
APSB16-04: Security updates available for Adobe Flash Player
Maximum Severity: Priority 1
Affected Products: Flash Player
Description: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
Impact: Remote Code Execution
Fixes 22 vulnerabilities:
CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985
Restart Required:
CHROME-160: Google Chrome 48.0.2564.109
Maximum Severity: High
Affected Products: Flash Player
Description: The stable channel has been updated to 48.0.2564.109 for Windows, Mac, and Linux.
Impact: Same-origin bypass, buffer overflow, out-of-bounds read
Fixes 6 vulnerabilities:
CVE-2016-1622, CVE-2016-1623, CVE-2016-1624, CVE-2016-1625, CVE-2016-1626, CVE-2016-1627
Restart Required:
Java8u73: Critical Security Update for Java Runtime
Maximum Severity: Critical
Affected Products: Java SE
Description: This update release contains several enhancements and changes.
Impact: Remote Code Execution
Fixes 1 vulnerability:
CVE-2016-0603
Restart Required: May Require Restart (almost always)
MS16-016: Security Update for WebDAV to Address Elevation of Privilege (3136041)
Maximum Severity: Important
Affected Products: Microsoft Windows
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker uses the Microsoft Web Distributed Authoring and Versioning (WebDAV) client to send specifically crafted input to a server.
Impact: Elevation of Privilege
Fixes 1 vulnerability:
CVE-2016-0051
Restart Required: Requires Restart
MS16-017: Security Update for Remote Desktop Display Driver to Address Elevation of Privilege (3134700)
Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an authenticated attacker logs on to the target system using RDP and sends specially crafted data over the connection. By default, RDP is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.
Impact: Elevation of Privilege
Fixes 1 vulnerability:
CVE-2016-0036
Restart Required: Requires Restart
MS16-018: Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3136082)
Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
Impact: Elevation of Privilege
Fixes 1 vulnerability:
CVE-2016-0048
Restart Required: Requires Restart
MS16-019: Security Update for .NET Framework to Address Denial of Service (3137893)
Maximum Severity: Important
Affected Products: Windows, .NET Framework
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
Impact: Denial of Service
Fixes 1 vulnerability:
CVE-2016-0048
Restart Required: May Require Restart
MS16-020: Security Update for Active Directory Federation Services to Address Denial of Service (3134222)
Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves a vulnerability in Active Directory Federation Services (ADFS). The vulnerability could allow denial of service if an attacker sends certain input data during forms-based authentication to an ADFS server, causing the server to become nonresponsive.
Impact: Denial of Service
Fixes 1 vulnerability:
CVE-2016-0037
Restart Required: May Require Restart
MS16-021: Security Update for NPS RADIUS Server to Address Denial of Service (3133043)
Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could cause denial of service on a Network Policy Server (NPS) if an attacker sends specially crafted username strings to the NPS, which could prevent RADIUS authentication on the NPS.
Impact: Denial of Service
Fixes 1 vulnerability:
CVE-2016-0050
Restart Required: May Require Restart
Resources and Webinars
Get Shavlik Content Updates
Get Social with Shavlik
Sign up for next month's Patch Tuesday Webinar
Watch previous webinars and download presentations.
Thank you