See the full blog post here: http://blog.shavlik.com/march-patch-tuesday-2016/
March Patch Tuesday has a great deal of updates, but no public disclosures or exploited vulnerabilities as of yet. Let’s start with what we know for sure: Microsoft has released 13 bulletins, five of which are critical and eight are rated as important. With these bulletins, Microsoft is resolving 39 total vulnerabilities this month. On the non-Microsoft front, Adobe is releasing two bulletins, rated as Priority 2 and 3, that resolve four vulnerabilities.
Additionally, Mozilla Firefox 45 has been released and is rated critical, as it resolves 22 vulnerabilities.
6. Known Issues
MS16-028 – The bulletin states it is required on Server Core. Our test confirmed a failure to install, and the WSUS test confirmed the update was not even offered for Core.
MS16-025 – The bulletin states it is required on Server Core. Our test confirmed a failure to install; the WSUS test was inconclusive due to no support for the older version of Server Core.
7. CSWU-022: Cumulative update for Windows 10 Version 1511 and Windows Server 2016 Technical Preview 4: March 8, 2016
Maximum Severity: Critical
Affected Products: Windows 10, Edge, Internet Explorer
Description: This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are
described in the following Microsoft security bulletins and advisory: MS16-023, MS16-024, MS16-026, MS16-027, MS16-028, MS16-030,
MS16-032, MS16-033, MS16-034, and MS16-035.
Impact: Remote Code Execution, Elevation of Privilege, Security Feature Bypass
Fixes 34 vulnerabilities:
CVE-2016-0091, CVE-2016-0092, CVE-2016-0093, CVE-2016-0094, CVE-2016-0095, CVE-2016-0096, CVE-2016-0098, CVE-2016-0099,
CVE-2016-0101, CVE-2016-0102, CVE-2016-0103, CVE-2016-0104, CVE-2016-0105, CVE-2016-0106, CVE-2016-0107, CVE-2016-0108,
CVE-2016-0109, CVE-2016-0110, CVE-2016-0111, CVE-2016-0112, CVE-2016-0113, CVE-2016-0114, CVE-2016-0116, CVE-2016-0117,
CVE-2016-0118, CVE-2016-0120, CVE-2016-0121, CVE-2016-0123, CVE-2016-0124, CVE-2016-0125, CVE-2016-0129, CVE-2016-0130,
CVE-2016-0132, CVE-2016-0133
Restart Required: Requires Restart
8. MS16-023: Cumulative Security Update for Internet Explorer (3142015)
Maximum Severity: Critical
Affected Products: Internet Explorer
Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow
remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this
vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker
who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change,
or delete data; or create new accounts with full user rights.
Impact: Remote Code Execution
Fixes 13 vulnerabilities:
CVE-2016-0102, CVE-2016-0103, CVE-2016-0104, CVE-2016-0105, CVE-2016-0106, CVE-2016-0107, CVE-2016-0108, CVE-2016-0109,
CVE-2016-0110, CVE-2016-0111, CVE-2016-0112, CVE-2016-0113, CVE-2016-0114
Restart Required: Requires Restart
9. MS16-024: Cumulative Security Update for Microsoft Edge (3142019)
Maximum Severity: Critical
Affected Products: Edge
Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote
code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities
could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system
could be less impacted than those who operate with administrative user rights.
Impact: Remote Code Execution
Fixes 11 vulnerabilities:
CVE-2016-0102, CVE-2016-0105, CVE-2016-0109, CVE-2016-0110, CVE-2016-0111, CVE-2016-0116, CVE-2016-0123, CVE-2016-0124,
CVE-2016-0125, CVE-2016-0129, CVE-2016-0130
Restart Required: Requires Restart
10. MS16-026: Security Update for Graphic Fonts to Address Remote Code Execution (3143148)
Maximum Severity: Critical
Affected Products: Windows
Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow
remote code execution if an attacker either convinces a user to open a specially crafted document, or to visit a webpage that contains
specially crafted embedded OpenType fonts.
Impact: Remote Code Execution
Fixes 2 vulnerabilities:
CVE-2016-0120, CVE-2016-0121
Restart Required: Requires Restart
11. MS16-027: Security Update for Windows Media to Address Remote Code Execution (3143146)
Maximum Severity: Critical
Affected Products: Windows
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code
execution if a user opens specially crafted media content that is hosted on a website.
Impact: Remote Code Execution
Fixes 2 vulnerabilities:
CVE-2016-0098, CVE-2016-0101
Restart Required: May Require Restart
12. MS16-028: Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3143081)
Maximum Severity: Critical
Affected Products: Windows
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code
execution if a user opens a specially crafted .pdf file.
Impact: Remote Code Execution
Fixes 2 vulnerabilities:
CVE-2016-0117, CVE-2016-0118
Restart Required: May Require Restart
13. FF16-005: Version 45.0, first offered to Release channel users on March 8, 2016
Maximum Severity: Critical
Affected Products: Firefox, Firefox ESR
Description: New features, bug fixes, security fixes included in this release.
Impact: Remote Code Execution, Use-After-Free, Buffer Overflow
Fixes 40 vulnerabilities:
CVE-2016-1950, CVE-2016-1952, CVE-2016-1953, CVE-2016-1954, CVE-2016-1955, CVE-2016-1956, CVE-2016-1957, CVE-2016-1958,
CVE-2016-1959, CVE-2016-1960, CVE-2016-1961, CVE-2016-1962, CVE-2016-1963, CVE-2016-1964, CVE-2016-1965, CVE-2016-1966,
CVE-2016-1967, CVE-2016-1968, CVE-2016-1970, CVE-2016-1971, CVE-2016-1972, CVE-2016-1973, CVE-2016-1974, CVE-2016-1975,
CVE-2016-1976, CVE-2016-1977, CVE-2016-1979, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794,
CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802
Restart Required: Browser Restart Required
14. CHROME-163: Google Chrome 49.0.2623.87
Maximum Severity: Critical
Affected Products: Google Chrome
Description: The stable channel has been updated to 49.0.2623.87 for Windows, Mac, and Linux.
Impact: Remote Code Execution, Use-After-Free, Buffer Overflow
Fixes 3 vulnerabilities:
CVE-2016-1643, CVE-2016-1644, CVE-2016-1645
Restart Required: Browser Restart Required
15. MS16-025: Security Update for Windows Library Loading to Address Remote Code Execution (3140709)
Maximum Severity: Important
Affected Products: Microsoft Windows
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution
if Microsoft Windows fails to properly validate input before loading certain libraries. However, an attacker must first gain access to the local
system with the ability to execute a malicious application.
Impact: Remote Code Execution
Fixes 1 vulnerability:
CVE-2016-0100
Restart Required: Requires Restart
16. MS16-029: Security Update for Microsoft Office to Address Remote Code Execution (3141806)
Maximum Severity: Important
Affected Products: Office, SharePoint
Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow
remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities
could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the
system could be less impacted than those who operate with administrative user rights.
Impact: Remote Code Execution
Fixes 3 vulnerabilities:
CVE-2016-0021, CVE-2016-0057, CVE-2016-0134
Restart Required: May Require Restart
17. MS16-030: Security Update for Windows OLE to Address Remote Code Execution (3143136)
Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow remote code
execution if Windows OLE fails to properly validate user input. An attacker could exploit the vulnerabilities to execute malicious code.
However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email
message.
Impact: Remote Code Execution
Fixes 2 vulnerabilities:
CVE-2016-0091, CVE-2016-0092
Restart Required: Requires Restart
18. MS16-031: Security Update for Microsoft Windows to Address Elevation of Privilege (3140410)
Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if
an attacker is able to log on to a target system and run a specially crafted application.
Impact: Elevation of Privilege
Fixes 1 vulnerability:
CVE-2016-0087
Restart Required: Requires Restart
19. MS16-032: Security Update for Secondary Logon to Address Elevation of Privilege (3143141)
Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if
the Windows Secondary Logon Service fails to properly manage request handles in memory.
Impact: Elevation of Privilege
Fixes 1 vulnerability:
CVE-2016-0099
Restart Required: Requires Restart
20. MS16-033: Security Update for Windows USB Mass Storage Class Driver to Address Elevation of Privilege (3143142)
Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if
an attacker with physical access inserts a specially crafted USB device into the system.
Impact: Elevation of Privilege
Fixes 1 vulnerability:
CVE-2016-0133
Restart Required: May Require Restart
21. MS16-034: Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3143145)
Maximum Severity: Important
Affected Products: Windows
Description: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if
an attacker logs on to the system and runs a specially crafted application.
Impact: Elevation of Privilege
Fixes 4 vulnerabilities:
CVE-2016-0093, CVE-2016-0094, CVE-2016-0095, CVE-2016-0096
Restart Required: Requires Restart
22. MS16-035: Security Update for .NET Framework to Address Security Feature Bypass (3141780)
Maximum Severity: Important
Affected Products: .NET Framework
Description: This security update resolves a vulnerability in the Microsoft .NET Framework. The security feature bypass exists in a
.NET Framework component that does not properly validate certain elements of a signed XML document.
Impact: Security Feature Bypass
Fixes 1 vulnerability:
CVE-2016-0132
Restart Required: May Require Restart
23. APSB16-06: Security update available for Adobe Digital Editions
Maximum Severity: Important
Affected Products: Adobe Digital Editions
Description: Adobe has released a security update for Adobe Digital Editions 4.5.0 and earlier versions. This update resolves
a critical memory corruption vulnerability that could lead to code execution.
Impact: Remote Code Execution
Fixes 1 vulnerability:
CVE-2016-0954
Restart Required: Application Restart Required
24. APSB16-09: Security Updates Available for Adobe Acrobat and Reader
Maximum Severity: Important
Affected Products: Adobe Acrobat and Reader
Description: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates
address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
Impact: Remote Code Execution
Fixes 3 vulnerabilities:
CVE-2016-1007, CVE-2016-1008, CVE-2016-1009
Restart Required: Application Restart Required
26. Why should you attend?
• Great Value:
• Two days of hands-on and deep-dive product sessions for less than one day of consulting services
• Interaction with Shavlik Product Managers and Systems Engineers
• Earlybird rate of $795
• And, of course, because it's Vegas, baby!
• For details see: http://www.shavlik.com/tech-summit/
27. Resources and Webinars
Get Shavlik Content Updates
Get Social with Shavlik
Sign up for next month's Patch Tuesday Webinar
Watch previous webinars and download presentation.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
Ensure that your Internet Explorer version is the latest available for the OS it is installed on. Since January 2016, Microsoft is only updating the latest version for each supported OS. For details please see: https://support.microsoft.com/en-us/lifecycle#gp/Microsoft-Internet-Explorer
User targeted vulnerabilities
Multiple Internet Explorer Memory Corruption Vulnerabilities
Multiple remote code execution vulnerabilities exist when Internet Explorer improperly accesses objects in memory. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
An attacker could host a specially crafted website that is designed to exploit these vulnerabilities through Internet Explorer, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerabilities. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email.
An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The update addresses the vulnerabilities by modifying how Internet Explorer handles objects in memory.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
User targeted vulnerabilities
Multiple Microsoft Edge Memory Corruption Vulnerabilities
Multiple remote code execution vulnerabilities exist when Microsoft Edge improperly accesses objects in memory. The vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
An attacker could host a specially crafted website that is designed to exploit the vulnerabilities through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email.
An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The update addresses the vulnerability by modifying how Microsoft Edge handles objects in memory.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
User targeted vulnerabilities
OpenType Font Parsing Vulnerability - CVE-2016-0120
A denial of service vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could cause a denial of service condition. For systems running Windows 10, an attacker who successfully exploited the vulnerability could potentially cause the application to stop responding instead of the system.
There are multiple ways an attacker could exploit the vulnerability, such as by either convincing a user to open a specially crafted document, or by convincing a user to visit a webpage that contains specially crafted embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts.
OpenType Font Parsing Vulnerability - CVE-2016-0121
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
There are multiple ways an attacker could exploit the vulnerability, such as by either convincing a user to open a specially crafted document, or by convincing a user to visit a webpage that contains specially crafted embedded OpenType fonts. The update addresses the vulnerability by correcting how the Windows Adobe Type Manager Library handles OpenType fonts.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
User targeted vulnerabilities
Multiple Windows Media Parsing Remote Code Execution Vulnerabilities
Multiple remote code execution vulnerabilities exist in Microsoft Windows. The vulnerabilities could allow remote code execution if a user opens specially crafted media content that is hosted on a website. To exploit the vulnerabilities, an attacker could host media content on a website or send an attachment in an email and then convince a user to open it.
An attacker who successfully exploited the vulnerabilities could take control of an affected system remotely. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The security update addresses the vulnerabilities by correcting how Windows handles resources in the media library.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
User targeted vulnerabilities
Multiple Windows Remote Code Execution Vulnerabilities
Multiple remote code execution vulnerabilities exist in Microsoft Windows if a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerabilities could cause arbitrary code to execute in the context of the current user.
If a user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The update addresses the vulnerabilities by modifying how Windows parses .pdf files.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
User targeted vulnerabilities
Shavlik Priority:
Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
User targeted vulnerabilities
Shavlik Priority:
Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing.
Library Loading Input Validation Remote Code Execution Vulnerability - CVE-2016-0100
A remote code execution vulnerability exists when Microsoft Windows fails to properly validate input before loading certain libraries. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
To exploit the vulnerability, an attacker must first gain access to the local system and have the ability to execute a malicious application. The update corrects how Windows validates input when loading certain libraries.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing.
User targeted vulnerabilities
Multiple Microsoft Office Memory Corruption Vulnerabilities
Multiple remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Exploitation of the vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software. Note that the Preview Pane is not an attack vector for these vulnerabilities. In an email attack scenario an attacker could exploit the vulnerabilities by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerabilities. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince them to open the specially crafted file.
The security update addresses the vulnerabilities by correcting how Office handles objects in memory.
Microsoft Office Security Feature Bypass Vulnerability – CVE-2016-0057
A security feature bypass vulnerability exists in Microsoft Office software due to an invalidly signed binary. An attacker who successfully exploited the vulnerability could use a similarly configured binary to host malicious code. A defender would then not be able to rely on a valid binary signature to differentiate between a known good and a malicious binary.
To successfully exploit this vulnerability, an attacker would have to have write access to the target location that contains the invalidly signed binary. The attacker could then overwrite the original file with their own malicious file and wait for an application, or user, to trigger the malicious binary.
The security update addresses the vulnerability by providing a validly signed binary.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing.
User targeted vulnerabilities
Multiple Windows OLE Memory Remote Code Execution Vulnerabilities
Multiple remote code execution vulnerabilities exist when Microsoft Windows OLE fails to properly validate user input. An attacker could use the vulnerabilities to execute malicious code.
To exploit the vulnerabilities, an attacker would have to convince a user to open either a specially crafted file or a program from either a webpage or an email message. The update addresses the vulnerabilities by correcting how Windows OLE validates user input.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing.
Windows Elevation of Privilege Vulnerability - CVE-2016-0087
An elevation of privilege vulnerability exists when Microsoft Windows fails to properly sanitize handles in memory. An attacker who successfully exploited the vulnerability could run arbitrary code as System. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application designed to elevate privileges. The update addresses the vulnerability by correcting how Windows sanitizes handles in memory.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing.
Secondary Logon Elevation of Privilege Vulnerability - CVE-2016-0099
An elevation of privilege vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how Windows manages request handles in memory.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing.
User targeted vulnerability
USB Mass Storage Elevation of Privilege Vulnerability - CVE-2016-0133
This security update resolves an elevation of privilege vulnerability in Microsoft Windows when the Windows USB Mass Storage Class driver fails to properly validate objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would first have to have physical access to the system. An attacker could then insert a specially crafted USB device that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows USB Mass Storage Class driver handles objects in memory.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing.
Multiple Win32k Elevation of Privilege Vulnerabilities
Multiple Win32k elevation of privilege vulnerabilities exist when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit these vulnerabilities, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerabilities and take control of an affected system. The update addresses the vulnerabilities by correcting how the Windows kernel-mode driver handles objects in memory.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing.
.NET XML Validation Security Feature Bypass - CVE-2016-0132
A security feature bypass vulnerability exists in a .NET Framework component that does not properly validate certain elements of a signed XML document. An attacker who successfully exploited the vulnerability could modify the contents of an XML file without invalidating the signature associated with the file. If a .NET application relies on the signature to be non-malicious, the behavior of the application could become unpredictable. In custom applications, the security impact depends on the specific usage scenario.
In a .NET application attack scenario, an attacker could modify the contents of an XML file without invalidating the signature associated with the file. The update addresses the vulnerability by correcting how the .NET Framework validates XML documents.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing.
We do not currently support this update because the installer displays a manual prompt for Norton AV. We are working on a way to bypass this without user intervention or installing a Norton application.
Shavlik Priority:
Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing.
Use registration code “Int2016Shavlik”
Sign up for Content Announcements:
Email http://www.shavlik.com/support/xmlsubscribe/
RSS http://protect7.shavlik.com/feed/
Twitter @ShavlikXML
Follow us on:
Shavlik on LinkedIn
Twitter @ShavlikProtect
Shavlik blog -> www.shavlik.com/blog
Chris Goettl on LinkedIn
Twitter @ChrisGoettl
Sign up for webinars or download presentations and watch playbacks:
http://www.shavlik.com/webinars/