SlideShare a Scribd company logo

Patch Tuesday Analysis - February 2016

Download as PPTX, PDF
Ivanti
Ivanti

Ivanti February 2016 Patch Tuesday Analysis Webinar – Formerly Shavlik

Technology
1 of 26
Patch Tuesday Webinar Wednesday, February 10th, 2016 Chris Goettl • Sr. Product Manager Dial In: 1-855-749-4750 (US) Attendees: 929 080 249
Agenda February 2016 Patch Tuesday Overview Known Issues Bulletins Q & A 1 2 3 4
Industry News DLL Hijacking vulnerability CVE- 2016-0603 resolved in Oracle Java out of band release. German security researcher has identified many other products that are susceptible. Flash Player redistribution to require EA with Adobe starting March 1st, 2016 (was February until recently)
CSWU-020: Cumulative Update for Windows 10: February 9, 2016  Maximum Severity: Critical  Affected Products: Windows 10, Edge, Internet Explorer  Description: This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are described in the following Microsoft security bulletins and advisory: MS16-009, MS16-011, MS16-012, MS16-013, MS16-014, MS16-016, MS16-017, MS16-018, MS16-019, and MS16-022.  Impact: Remote Code Execution, Elevation of Privilege, Denial of Service  Fixes 26 vulnerabilities:  CVE-2016-0033, CVE-2016-0036, CVE-2016-0038, CVE-2016-0040 (Publicly Disclosed), CVE-2016-0041, CVE-2016-0042, CVE- 2016-0044, CVE-2016-0046, CVE-2016-0047, CVE-2016-0048, CVE-2016-0049, CVE-2016-0051, CVE-2016-0058, CVE-2016- 0059, CVE-2016-0060, CVE-2016-0061, CVE-2016-0062, CVE-2016-0063, CVE-2016-0064, CVE-2016-0067, CVE-2016-0068, CVE-2016-0069, CVE-2016-0071, CVE-2016-0072, CVE-2016-0077, CVE-2016-0080, CVE-2016-0084  Restart Required: Requires Restart
MS16-009: Cumulative Security Update for Internet Explorer (3134220)  Maximum Severity: Critical  Affected Products: Internet Explorer  Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.  Impact: Remote Code Execution  Fixes 13 vulnerabilities:  CVE-2016-0041, CVE-2016-0059, CVE-2016-0060, CVE-2016-0061, CVE-2016-0062, CVE-2016-0063, CVE-2016-0064, CVE-2016- 0067, CVE-2016-0068, CVE-2016-0069, CVE-2016-0071, CVE-2016-0072, CVE-2016-0077  Restart Required: Requires Restart
MS16-011: Cumulative Security Update for Microsoft Edge (3134225)  Maximum Severity: Critical  Affected Products: Edge  Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.  Impact: Remote Code Execution  Fixes 6 vulnerabilities:  CVE-2016-0060, CVE-2016-0061, CVE-2016-0062, CVE-2016-0077, CVE-2016-0080, CVE-2016-0084  Restart Required: Requires Restart
MS16-012: Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3138938)  Maximum Severity: Critical  Affected Products: Microsoft Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if Microsoft Windows PDF Library improperly handles application programming interface (API) calls, which could allow an attacker to run arbitrary code on the user’s system. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. However, an attacker would have no way to force users to download or open a malicious PDF document.  Impact: Remote Code Execution  Fixes 2 vulnerabilities:  CVE-2016-0046, CVE-2016-0058  Restart Required: May Require Restart
MS16-013: Security Update for Windows Journal to Address Remote Code Execution (3134811)  Maximum Severity: Critical  Affected Products: Microsoft Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.  Impact: Remote Code Execution  Fixes 1 vulnerabilities:  CVE-2016-0038  Restart Required: May Require Restart
MS16-014: Security Update for Microsoft Windows to Address Remote Code Execution (3134228)  Maximum Severity: Important  Affected Products: Microsoft Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker is able to log on to a target system and run a specially crafted application.  Impact: Remote Code Execution  Fixes 5 vulnerabilities:  CVE-2016-0040 (Publicly Disclosed), CVE-2016-0041, CVE-2016-0042, CVE-2016-0044, CVE-2016-0049  Restart Required: Requires Restart
MS16-015: Security Update for Microsoft Office to Address Remote Code Execution (3134226)  Maximum Severity: Critical  Affected Products: Microsoft Office, Sharepoint  Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.  Impact: Remote Code Execution  Fixes 7 vulnerabilities:  CVE-2016-0022, CVE-2016-0039 (Publicly Disclosed), CVE-2016-0052, CVE-2016-0053, CVE-2016-0054, CVE-2016-0055, CVE- 2016-0056  Restart Required: May Require Restart
MS16-022: Security Update for Adobe Flash Player (3135782)  Maximum Severity: Critical  Affected Products: Microsoft Windows, Adobe Flash Player  Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.  Impact: Remote Code Execution  Fixes 22 vulnerabilities:  Resolved by Adobe Flash Player update. See APSB16-004 bulletin for details.  Restart Required:
APSB16-04: Security updates available for Adobe Flash Player  Maximum Severity: Priority 1  Affected Products: Flash Player  Description: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.  Impact: Remote Code Execution  Fixes 22 vulnerabilities:  CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016- 0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985  Restart Required:
CHROME-160: Google Chrome 48.0.2564.109  Maximum Severity: High  Affected Products: Flash Player  Description: The stable channel has been updated to 48.0.2564.109 for Windows, Mac, and Linux.  Impact: Same-origin bypass, buffer overflow, out-of-bounds read  Fixes 6 vulnerabilities:  CVE-2016-1622, CVE-2016-1623, CVE-2016-1624, CVE-2016-1625, CVE-2016-1626, CVE-2016-1627,  Restart Required:
Java8u73: Critical Security Update for Java Runtime  Maximum Severity: Critical  Affected Products: Java SE  Description: This update release contains several enhancements and changes.  Impact: Remote Code Execution  Fixes 1 vulnerabilities:  CVE-2016-0603  Restart Required: May Require Restart (almost always)
MS16-016: Security Update for WebDAV to Address Elevation of Privilege (3136041)  Maximum Severity: Important  Affected Products: Microsoft Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker uses the Microsoft Web Distributed Authoring and Versioning (WebDAV) client to send specifically crafted input to a server.  Impact: Elevation of Privilege  Fixes 1 vulnerabilities:  CVE-2016-0051  Restart Required: Requires Restart
MS16-017: Security Update for Remote Desktop Display Driver to Address Elevation of Privilege (3134700)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an authenticated attacker logs on to the target system using RDP and sends specially crafted data over the connection. By default, RDP is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.  Impact: Elevation of Privilege  Fixes 1 vulnerabilities:  CVE-2016-0036  Restart Required: Requires Restart
MS16-018: Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3136082)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.  Impact: Elevation of Privilege  Fixes 1 vulnerabilities:  CVE-2016-0048  Restart Required: Requires Restart
MS16-019: Security Update for .NET Framework to Address Denial of Service (3137893)  Maximum Severity: Important  Affected Products: Windows, .Net Framework  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.  Impact: Denial of Service  Fixes 1 vulnerabilities:  CVE-2016-0048  Restart Required: May Require Restart
MS16-020: Security Update for Active Directory Federation Services to Address Denial of Service (3134222)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Active Directory Federation Services (ADFS). The vulnerability could allow denial of service if an attacker sends certain input data during forms-based authentication to an ADFS server, causing the server to become nonresponsive.  Impact: Denial of Service  Fixes 1 vulnerabilities:  CVE-2016-0037  Restart Required: May Require Restart
MS16-021: Security Update for NPS RADIUS Server to Address Denial of Service (3133043)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could cause denial of service on a Network Policy Server (NPS) if an attacker sends specially crafted username strings to the NPS, which could prevent RADIUS authentication on the NPS.  Impact: Denial of Service  Fixes 1 vulnerabilities:  CVE-2016-0050  Restart Required: May Require Restart
Resources and Webinars Get Shavlik Content Updates Get Social with Shavlik Sign up for next months Patch Tuesday Webinar Watch previous webinars and download presentation.
Thank you

Recommended

Patch Tuesday Analysis - March 2016
Patch Tuesday Analysis - March 2016Patch Tuesday Analysis - March 2016
Patch Tuesday Analysis - March 2016Ivanti
 
Patch Tuesday Analysis - April 2016
Patch Tuesday Analysis - April 2016Patch Tuesday Analysis - April 2016
Patch Tuesday Analysis - April 2016Ivanti
 
Patch Tuesday Analysis - January 2016
Patch Tuesday Analysis - January 2016Patch Tuesday Analysis - January 2016
Patch Tuesday Analysis - January 2016Ivanti
 
August Patch Tuesday 2016
August Patch Tuesday 2016August Patch Tuesday 2016
August Patch Tuesday 2016LANDESK
 
Patch Tuesday Analysis - June 2016
Patch Tuesday Analysis - June 2016Patch Tuesday Analysis - June 2016
Patch Tuesday Analysis - June 2016Ivanti
 
Patch Tuesday Analysis - May 2016
Patch Tuesday Analysis - May 2016Patch Tuesday Analysis - May 2016
Patch Tuesday Analysis - May 2016Ivanti
 
November2016 patchtuesdayshavlik
November2016 patchtuesdayshavlikNovember2016 patchtuesdayshavlik
November2016 patchtuesdayshavlikLANDESK
 
October2016 patchtuesdayshavlik
October2016 patchtuesdayshavlikOctober2016 patchtuesdayshavlik
October2016 patchtuesdayshavlikLANDESK
 

Recommended

Patch Tuesday Analysis - March 2016
Patch Tuesday Analysis - March 2016Patch Tuesday Analysis - March 2016
Patch Tuesday Analysis - March 2016Ivanti
 
Patch Tuesday Analysis - April 2016
Patch Tuesday Analysis - April 2016Patch Tuesday Analysis - April 2016
Patch Tuesday Analysis - April 2016Ivanti
 
Patch Tuesday Analysis - January 2016
Patch Tuesday Analysis - January 2016Patch Tuesday Analysis - January 2016
Patch Tuesday Analysis - January 2016Ivanti
 
August Patch Tuesday 2016
August Patch Tuesday 2016August Patch Tuesday 2016
August Patch Tuesday 2016LANDESK
 
Patch Tuesday Analysis - June 2016
Patch Tuesday Analysis - June 2016Patch Tuesday Analysis - June 2016
Patch Tuesday Analysis - June 2016Ivanti
 
Patch Tuesday Analysis - May 2016
Patch Tuesday Analysis - May 2016Patch Tuesday Analysis - May 2016
Patch Tuesday Analysis - May 2016Ivanti
 
November2016 patchtuesdayshavlik
November2016 patchtuesdayshavlikNovember2016 patchtuesdayshavlik
November2016 patchtuesdayshavlikLANDESK
 
October2016 patchtuesdayshavlik
October2016 patchtuesdayshavlikOctober2016 patchtuesdayshavlik
October2016 patchtuesdayshavlikLANDESK
 
Shavlik September Patch Tuesday 2016
Shavlik September Patch Tuesday 2016Shavlik September Patch Tuesday 2016
Shavlik September Patch Tuesday 2016LANDESK
 
Patch Tuesday Analysis - October 2015
Patch Tuesday Analysis - October 2015Patch Tuesday Analysis - October 2015
Patch Tuesday Analysis - October 2015Ivanti
 
December2016 patchtuesdayshavlik
December2016 patchtuesdayshavlikDecember2016 patchtuesdayshavlik
December2016 patchtuesdayshavlikLANDESK
 
Patch Tuesday Analysis - December 2015
Patch Tuesday Analysis - December 2015Patch Tuesday Analysis - December 2015
Patch Tuesday Analysis - December 2015Ivanti
 
Patch Tuesday Analysis - September 2015
Patch Tuesday Analysis - September 2015Patch Tuesday Analysis - September 2015
Patch Tuesday Analysis - September 2015Ivanti
 
August Patch Tuesday Analysis
August Patch Tuesday AnalysisAugust Patch Tuesday Analysis
August Patch Tuesday AnalysisIvanti
 
February 2018 Patch Tuesday Analysis
February 2018 Patch Tuesday AnalysisFebruary 2018 Patch Tuesday Analysis
February 2018 Patch Tuesday AnalysisIvanti
 
January Patch Tuesday Webinar 2018
January Patch Tuesday Webinar 2018January Patch Tuesday Webinar 2018
January Patch Tuesday Webinar 2018Ivanti
 
July 2018 Patch Tuesday Analysis
July 2018 Patch Tuesday AnalysisJuly 2018 Patch Tuesday Analysis
July 2018 Patch Tuesday AnalysisIvanti
 
Patch Tuesday Analysis - August 2015
Patch Tuesday Analysis - August 2015Patch Tuesday Analysis - August 2015
Patch Tuesday Analysis - August 2015Ivanti
 
March 2018 Patch Tuesday Ivanti
March 2018 Patch Tuesday IvantiMarch 2018 Patch Tuesday Ivanti
March 2018 Patch Tuesday IvantiIvanti
 
January2017 patchtuesdayshavlik
January2017 patchtuesdayshavlikJanuary2017 patchtuesdayshavlik
January2017 patchtuesdayshavlikLANDESK
 
December 2017 Patch Tuesday
December 2017 Patch TuesdayDecember 2017 Patch Tuesday
December 2017 Patch TuesdayIvanti
 
April Patch Tuesday Analysis 2018
April Patch Tuesday Analysis 2018April Patch Tuesday Analysis 2018
April Patch Tuesday Analysis 2018Ivanti
 
Ivanti Patch Tuesday November 2017
Ivanti Patch Tuesday November 2017Ivanti Patch Tuesday November 2017
Ivanti Patch Tuesday November 2017Ivanti
 
October 2017 Ivanti Patch Tuesday Analysis
October 2017 Ivanti Patch Tuesday AnalysisOctober 2017 Ivanti Patch Tuesday Analysis
October 2017 Ivanti Patch Tuesday AnalysisIvanti
 
Patch Tuesday Analysis - November 2015
Patch Tuesday Analysis - November 2015Patch Tuesday Analysis - November 2015
Patch Tuesday Analysis - November 2015Ivanti
 
Patch Tuesday Analysis - July 2016
Patch Tuesday Analysis - July 2016Patch Tuesday Analysis - July 2016
Patch Tuesday Analysis - July 2016Ivanti
 
Patch Tuesday Analysis - August 2016
Patch Tuesday Analysis - August 2016Patch Tuesday Analysis - August 2016
Patch Tuesday Analysis - August 2016Ivanti
 
Patch Tuesday Analysis - September 2016
Patch Tuesday Analysis - September 2016Patch Tuesday Analysis - September 2016
Patch Tuesday Analysis - September 2016Ivanti
 
Patch Tuesday Analysis - December 2016
Patch Tuesday Analysis - December 2016Patch Tuesday Analysis - December 2016
Patch Tuesday Analysis - December 2016Ivanti
 
Patch Tuesday Analysis - July 2015
Patch Tuesday Analysis - July 2015Patch Tuesday Analysis - July 2015
Patch Tuesday Analysis - July 2015Ivanti
 

More Related Content

What's hot

Shavlik September Patch Tuesday 2016
Shavlik September Patch Tuesday 2016Shavlik September Patch Tuesday 2016
Shavlik September Patch Tuesday 2016LANDESK
 
Patch Tuesday Analysis - October 2015
Patch Tuesday Analysis - October 2015Patch Tuesday Analysis - October 2015
Patch Tuesday Analysis - October 2015Ivanti
 
December2016 patchtuesdayshavlik
December2016 patchtuesdayshavlikDecember2016 patchtuesdayshavlik
December2016 patchtuesdayshavlikLANDESK
 
Patch Tuesday Analysis - December 2015
Patch Tuesday Analysis - December 2015Patch Tuesday Analysis - December 2015
Patch Tuesday Analysis - December 2015Ivanti
 
Patch Tuesday Analysis - September 2015
Patch Tuesday Analysis - September 2015Patch Tuesday Analysis - September 2015
Patch Tuesday Analysis - September 2015Ivanti
 
August Patch Tuesday Analysis
August Patch Tuesday AnalysisAugust Patch Tuesday Analysis
August Patch Tuesday AnalysisIvanti
 
February 2018 Patch Tuesday Analysis
February 2018 Patch Tuesday AnalysisFebruary 2018 Patch Tuesday Analysis
February 2018 Patch Tuesday AnalysisIvanti
 
January Patch Tuesday Webinar 2018
January Patch Tuesday Webinar 2018January Patch Tuesday Webinar 2018
January Patch Tuesday Webinar 2018Ivanti
 
July 2018 Patch Tuesday Analysis
July 2018 Patch Tuesday AnalysisJuly 2018 Patch Tuesday Analysis
July 2018 Patch Tuesday AnalysisIvanti
 
Patch Tuesday Analysis - August 2015
Patch Tuesday Analysis - August 2015Patch Tuesday Analysis - August 2015
Patch Tuesday Analysis - August 2015Ivanti
 
March 2018 Patch Tuesday Ivanti
March 2018 Patch Tuesday IvantiMarch 2018 Patch Tuesday Ivanti
March 2018 Patch Tuesday IvantiIvanti
 
January2017 patchtuesdayshavlik
January2017 patchtuesdayshavlikJanuary2017 patchtuesdayshavlik
January2017 patchtuesdayshavlikLANDESK
 
December 2017 Patch Tuesday
December 2017 Patch TuesdayDecember 2017 Patch Tuesday
December 2017 Patch TuesdayIvanti
 
April Patch Tuesday Analysis 2018
April Patch Tuesday Analysis 2018April Patch Tuesday Analysis 2018
April Patch Tuesday Analysis 2018Ivanti
 
Ivanti Patch Tuesday November 2017
Ivanti Patch Tuesday November 2017Ivanti Patch Tuesday November 2017
Ivanti Patch Tuesday November 2017Ivanti
 
October 2017 Ivanti Patch Tuesday Analysis
October 2017 Ivanti Patch Tuesday AnalysisOctober 2017 Ivanti Patch Tuesday Analysis
October 2017 Ivanti Patch Tuesday AnalysisIvanti
 

What's hot (16)

Shavlik September Patch Tuesday 2016
Shavlik September Patch Tuesday 2016Shavlik September Patch Tuesday 2016
Shavlik September Patch Tuesday 2016
 
Patch Tuesday Analysis - October 2015
Patch Tuesday Analysis - October 2015Patch Tuesday Analysis - October 2015
Patch Tuesday Analysis - October 2015
 
December2016 patchtuesdayshavlik
December2016 patchtuesdayshavlikDecember2016 patchtuesdayshavlik
December2016 patchtuesdayshavlik
 
Patch Tuesday Analysis - December 2015
Patch Tuesday Analysis - December 2015Patch Tuesday Analysis - December 2015
Patch Tuesday Analysis - December 2015
 
Patch Tuesday Analysis - September 2015
Patch Tuesday Analysis - September 2015Patch Tuesday Analysis - September 2015
Patch Tuesday Analysis - September 2015
 
August Patch Tuesday Analysis
August Patch Tuesday AnalysisAugust Patch Tuesday Analysis
August Patch Tuesday Analysis
 
February 2018 Patch Tuesday Analysis
February 2018 Patch Tuesday AnalysisFebruary 2018 Patch Tuesday Analysis
February 2018 Patch Tuesday Analysis
 
January Patch Tuesday Webinar 2018
January Patch Tuesday Webinar 2018January Patch Tuesday Webinar 2018
January Patch Tuesday Webinar 2018
 
July 2018 Patch Tuesday Analysis
July 2018 Patch Tuesday AnalysisJuly 2018 Patch Tuesday Analysis
July 2018 Patch Tuesday Analysis
 
Patch Tuesday Analysis - August 2015
Patch Tuesday Analysis - August 2015Patch Tuesday Analysis - August 2015
Patch Tuesday Analysis - August 2015
 
March 2018 Patch Tuesday Ivanti
March 2018 Patch Tuesday IvantiMarch 2018 Patch Tuesday Ivanti
March 2018 Patch Tuesday Ivanti
 
January2017 patchtuesdayshavlik
January2017 patchtuesdayshavlikJanuary2017 patchtuesdayshavlik
January2017 patchtuesdayshavlik
 
December 2017 Patch Tuesday
December 2017 Patch TuesdayDecember 2017 Patch Tuesday
December 2017 Patch Tuesday
 
April Patch Tuesday Analysis 2018
April Patch Tuesday Analysis 2018April Patch Tuesday Analysis 2018
April Patch Tuesday Analysis 2018
 
Ivanti Patch Tuesday November 2017
Ivanti Patch Tuesday November 2017Ivanti Patch Tuesday November 2017
Ivanti Patch Tuesday November 2017
 
October 2017 Ivanti Patch Tuesday Analysis
October 2017 Ivanti Patch Tuesday AnalysisOctober 2017 Ivanti Patch Tuesday Analysis
October 2017 Ivanti Patch Tuesday Analysis
 

Viewers also liked

Patch Tuesday Analysis - November 2015
Patch Tuesday Analysis - November 2015Patch Tuesday Analysis - November 2015
Patch Tuesday Analysis - November 2015Ivanti
 
Patch Tuesday Analysis - July 2016
Patch Tuesday Analysis - July 2016Patch Tuesday Analysis - July 2016
Patch Tuesday Analysis - July 2016Ivanti
 
Patch Tuesday Analysis - August 2016
Patch Tuesday Analysis - August 2016Patch Tuesday Analysis - August 2016
Patch Tuesday Analysis - August 2016Ivanti
 
Patch Tuesday Analysis - September 2016
Patch Tuesday Analysis - September 2016Patch Tuesday Analysis - September 2016
Patch Tuesday Analysis - September 2016Ivanti
 
Patch Tuesday Analysis - December 2016
Patch Tuesday Analysis - December 2016Patch Tuesday Analysis - December 2016
Patch Tuesday Analysis - December 2016Ivanti
 
Patch Tuesday Analysis - July 2015
Patch Tuesday Analysis - July 2015Patch Tuesday Analysis - July 2015
Patch Tuesday Analysis - July 2015Ivanti
 
Patch Tuesday Analysis - October 2016
Patch Tuesday Analysis - October 2016Patch Tuesday Analysis - October 2016
Patch Tuesday Analysis - October 2016Ivanti
 
Patch Tuesday Analysis - November 2016
Patch Tuesday Analysis - November 2016Patch Tuesday Analysis - November 2016
Patch Tuesday Analysis - November 2016Ivanti
 

Viewers also liked (8)

Patch Tuesday Analysis - November 2015
Patch Tuesday Analysis - November 2015Patch Tuesday Analysis - November 2015
Patch Tuesday Analysis - November 2015
 
Patch Tuesday Analysis - July 2016
Patch Tuesday Analysis - July 2016Patch Tuesday Analysis - July 2016
Patch Tuesday Analysis - July 2016
 
Patch Tuesday Analysis - August 2016
Patch Tuesday Analysis - August 2016Patch Tuesday Analysis - August 2016
Patch Tuesday Analysis - August 2016
 
Patch Tuesday Analysis - September 2016
Patch Tuesday Analysis - September 2016Patch Tuesday Analysis - September 2016
Patch Tuesday Analysis - September 2016
 
Patch Tuesday Analysis - December 2016
Patch Tuesday Analysis - December 2016Patch Tuesday Analysis - December 2016
Patch Tuesday Analysis - December 2016
 
Patch Tuesday Analysis - July 2015
Patch Tuesday Analysis - July 2015Patch Tuesday Analysis - July 2015
Patch Tuesday Analysis - July 2015
 
Patch Tuesday Analysis - October 2016
Patch Tuesday Analysis - October 2016Patch Tuesday Analysis - October 2016
Patch Tuesday Analysis - October 2016
 
Patch Tuesday Analysis - November 2016
Patch Tuesday Analysis - November 2016Patch Tuesday Analysis - November 2016
Patch Tuesday Analysis - November 2016
 

Similar to Patch Tuesday Analysis - February 2016

Patch Tuesday Analysis - March 2017
Patch Tuesday Analysis - March 2017Patch Tuesday Analysis - March 2017
Patch Tuesday Analysis - March 2017Ivanti
 
Patch Tuesday Analysis - January 2017
Patch Tuesday Analysis - January 2017 Patch Tuesday Analysis - January 2017
Patch Tuesday Analysis - January 2017 Ivanti
 
June Patch Tuesday 2018
June Patch Tuesday 2018June Patch Tuesday 2018
June Patch Tuesday 2018Ivanti
 
November Patch Tuesday Analysis
November Patch Tuesday AnalysisNovember Patch Tuesday Analysis
November Patch Tuesday AnalysisIvanti
 
July Patch Tuesday 2020
July Patch Tuesday 2020July Patch Tuesday 2020
July Patch Tuesday 2020Dan Lalli
 
2022 March Patch Tuesday
2022 March Patch Tuesday2022 March Patch Tuesday
2022 March Patch TuesdayIvanti
 
Analyse Patch Tuesday - mai
Analyse Patch Tuesday - maiAnalyse Patch Tuesday - mai
Analyse Patch Tuesday - maiIvanti
 
Janvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptxJanvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptxIvanti
 
Patch Tuesday for January 2020
Patch Tuesday for January 2020Patch Tuesday for January 2020
Patch Tuesday for January 2020Ivanti
 
2023 May Patch Tuesday
2023 May Patch Tuesday2023 May Patch Tuesday
2023 May Patch TuesdayIvanti
 
January 2022 patch tuesday
January 2022 patch tuesdayJanuary 2022 patch tuesday
January 2022 patch tuesdayIvanti
 
April 2019 Patch Tuesday
April 2019 Patch TuesdayApril 2019 Patch Tuesday
April 2019 Patch TuesdayIvanti
 

Similar to Patch Tuesday Analysis - February 2016 (12)

Patch Tuesday Analysis - March 2017
Patch Tuesday Analysis - March 2017Patch Tuesday Analysis - March 2017
Patch Tuesday Analysis - March 2017
 
Patch Tuesday Analysis - January 2017
Patch Tuesday Analysis - January 2017 Patch Tuesday Analysis - January 2017
Patch Tuesday Analysis - January 2017
 
June Patch Tuesday 2018
June Patch Tuesday 2018June Patch Tuesday 2018
June Patch Tuesday 2018
 
November Patch Tuesday Analysis
November Patch Tuesday AnalysisNovember Patch Tuesday Analysis
November Patch Tuesday Analysis
 
July Patch Tuesday 2020
July Patch Tuesday 2020July Patch Tuesday 2020
July Patch Tuesday 2020
 
2022 March Patch Tuesday
2022 March Patch Tuesday2022 March Patch Tuesday
2022 March Patch Tuesday
 
Analyse Patch Tuesday - mai
Analyse Patch Tuesday - maiAnalyse Patch Tuesday - mai
Analyse Patch Tuesday - mai
 
Janvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptxJanvier2023PatchTuesday - Presenter slides.pptx
Janvier2023PatchTuesday - Presenter slides.pptx
 
Patch Tuesday for January 2020
Patch Tuesday for January 2020Patch Tuesday for January 2020
Patch Tuesday for January 2020
 
2023 May Patch Tuesday
2023 May Patch Tuesday2023 May Patch Tuesday
2023 May Patch Tuesday
 
January 2022 patch tuesday
January 2022 patch tuesdayJanuary 2022 patch tuesday
January 2022 patch tuesday
 
April 2019 Patch Tuesday
April 2019 Patch TuesdayApril 2019 Patch Tuesday
April 2019 Patch Tuesday
 

More from Ivanti

2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Patch Tuesday de Abril
Patch Tuesday de AbrilPatch Tuesday de Abril
Patch Tuesday de AbrilIvanti
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - AvrilIvanti
 
Patch Tuesday Italia Aprile
Patch Tuesday Italia AprilePatch Tuesday Italia Aprile
Patch Tuesday Italia AprileIvanti
 
Français Patch Tuesday - Mars
Français Patch Tuesday - MarsFrançais Patch Tuesday - Mars
Français Patch Tuesday - MarsIvanti
 
Patch Tuesday de Marzo
Patch Tuesday de MarzoPatch Tuesday de Marzo
Patch Tuesday de MarzoIvanti
 
Patch Tuesday Italia Marzo
Patch Tuesday Italia MarzoPatch Tuesday Italia Marzo
Patch Tuesday Italia MarzoIvanti
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch TuesdayIvanti
 
Patch Tuesday de Febrero
Patch Tuesday de FebreroPatch Tuesday de Febrero
Patch Tuesday de FebreroIvanti
 
2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - FévrierIvanti
 
Patch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioPatch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioIvanti
 
2024 February Patch Tuesday
2024 February Patch Tuesday2024 February Patch Tuesday
2024 February Patch TuesdayIvanti
 
2024 Enero Patch Tuesday
2024 Enero Patch Tuesday2024 Enero Patch Tuesday
2024 Enero Patch TuesdayIvanti
 
2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday2024 Janvier Patch Tuesday
2024 Janvier Patch TuesdayIvanti
 
2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday2024 Gennaio Patch Tuesday
2024 Gennaio Patch TuesdayIvanti
 
Patch Tuesday de Enero
Patch Tuesday de EneroPatch Tuesday de Enero
Patch Tuesday de EneroIvanti
 
Français Patch Tuesday – Janvier
Français Patch Tuesday – JanvierFrançais Patch Tuesday – Janvier
Français Patch Tuesday – JanvierIvanti
 
2024 January Patch Tuesday
2024 January Patch Tuesday2024 January Patch Tuesday
2024 January Patch TuesdayIvanti
 
Patch Tuesday de Diciembre
Patch Tuesday de DiciembrePatch Tuesday de Diciembre
Patch Tuesday de DiciembreIvanti
 
Français Patch Tuesday – Décembre
Français Patch Tuesday – DécembreFrançais Patch Tuesday – Décembre
Français Patch Tuesday – DécembreIvanti
 

More from Ivanti (20)

2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Patch Tuesday de Abril
Patch Tuesday de AbrilPatch Tuesday de Abril
Patch Tuesday de Abril
 
Français Patch Tuesday - Avril
Français Patch Tuesday - AvrilFrançais Patch Tuesday - Avril
Français Patch Tuesday - Avril
 
Patch Tuesday Italia Aprile
Patch Tuesday Italia AprilePatch Tuesday Italia Aprile
Patch Tuesday Italia Aprile
 
Français Patch Tuesday - Mars
Français Patch Tuesday - MarsFrançais Patch Tuesday - Mars
Français Patch Tuesday - Mars
 
Patch Tuesday de Marzo
Patch Tuesday de MarzoPatch Tuesday de Marzo
Patch Tuesday de Marzo
 
Patch Tuesday Italia Marzo
Patch Tuesday Italia MarzoPatch Tuesday Italia Marzo
Patch Tuesday Italia Marzo
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch Tuesday
 
Patch Tuesday de Febrero
Patch Tuesday de FebreroPatch Tuesday de Febrero
Patch Tuesday de Febrero
 
2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février2024 Français Patch Tuesday - Février
2024 Français Patch Tuesday - Février
 
Patch Tuesday Italia Febbraio
Patch Tuesday Italia FebbraioPatch Tuesday Italia Febbraio
Patch Tuesday Italia Febbraio
 
2024 February Patch Tuesday
2024 February Patch Tuesday2024 February Patch Tuesday
2024 February Patch Tuesday
 
2024 Enero Patch Tuesday
2024 Enero Patch Tuesday2024 Enero Patch Tuesday
2024 Enero Patch Tuesday
 
2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday2024 Janvier Patch Tuesday
2024 Janvier Patch Tuesday
 
2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday2024 Gennaio Patch Tuesday
2024 Gennaio Patch Tuesday
 
Patch Tuesday de Enero
Patch Tuesday de EneroPatch Tuesday de Enero
Patch Tuesday de Enero
 
Français Patch Tuesday – Janvier
Français Patch Tuesday – JanvierFrançais Patch Tuesday – Janvier
Français Patch Tuesday – Janvier
 
2024 January Patch Tuesday
2024 January Patch Tuesday2024 January Patch Tuesday
2024 January Patch Tuesday
 
Patch Tuesday de Diciembre
Patch Tuesday de DiciembrePatch Tuesday de Diciembre
Patch Tuesday de Diciembre
 
Français Patch Tuesday – Décembre
Français Patch Tuesday – DécembreFrançais Patch Tuesday – Décembre
Français Patch Tuesday – Décembre
 

Recently uploaded

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 

Recently uploaded (20)

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 

Patch Tuesday Analysis - February 2016

  • 1. Patch Tuesday Webinar Wednesday, February 10th, 2016 Chris Goettl • Sr. Product Manager Dial In: 1-855-749-4750 (US) Attendees: 929 080 249
  • 2. Agenda February 2016 Patch Tuesday Overview Known Issues Bulletins Q & A 1 2 3 4
  • 3.
  • 4.
  • 5.
  • 6. Industry News DLL Hijacking vulnerability CVE- 2016-0603 resolved in Oracle Java out of band release. German security researcher has identified many other products that are susceptible. Flash Player redistribution to require EA with Adobe starting March 1st, 2016 (was February until recently)
  • 7. CSWU-020: Cumulative Update for Windows 10: February 9, 2016  Maximum Severity: Critical  Affected Products: Windows 10, Edge, Internet Explorer  Description: This update for Windows 10 includes functionality improvements and resolves the vulnerabilities in Windows that are described in the following Microsoft security bulletins and advisory: MS16-009, MS16-011, MS16-012, MS16-013, MS16-014, MS16-016, MS16-017, MS16-018, MS16-019, and MS16-022.  Impact: Remote Code Execution, Elevation of Privilege, Denial of Service  Fixes 26 vulnerabilities:  CVE-2016-0033, CVE-2016-0036, CVE-2016-0038, CVE-2016-0040 (Publicly Disclosed), CVE-2016-0041, CVE-2016-0042, CVE- 2016-0044, CVE-2016-0046, CVE-2016-0047, CVE-2016-0048, CVE-2016-0049, CVE-2016-0051, CVE-2016-0058, CVE-2016- 0059, CVE-2016-0060, CVE-2016-0061, CVE-2016-0062, CVE-2016-0063, CVE-2016-0064, CVE-2016-0067, CVE-2016-0068, CVE-2016-0069, CVE-2016-0071, CVE-2016-0072, CVE-2016-0077, CVE-2016-0080, CVE-2016-0084  Restart Required: Requires Restart
  • 8. MS16-009: Cumulative Security Update for Internet Explorer (3134220)  Maximum Severity: Critical  Affected Products: Internet Explorer  Description: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.  Impact: Remote Code Execution  Fixes 13 vulnerabilities:  CVE-2016-0041, CVE-2016-0059, CVE-2016-0060, CVE-2016-0061, CVE-2016-0062, CVE-2016-0063, CVE-2016-0064, CVE-2016- 0067, CVE-2016-0068, CVE-2016-0069, CVE-2016-0071, CVE-2016-0072, CVE-2016-0077  Restart Required: Requires Restart
  • 9. MS16-011: Cumulative Security Update for Microsoft Edge (3134225)  Maximum Severity: Critical  Affected Products: Edge  Description: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.  Impact: Remote Code Execution  Fixes 6 vulnerabilities:  CVE-2016-0060, CVE-2016-0061, CVE-2016-0062, CVE-2016-0077, CVE-2016-0080, CVE-2016-0084  Restart Required: Requires Restart
  • 10. MS16-012: Security Update for Microsoft Windows PDF Library to Address Remote Code Execution (3138938)  Maximum Severity: Critical  Affected Products: Microsoft Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if Microsoft Windows PDF Library improperly handles application programming interface (API) calls, which could allow an attacker to run arbitrary code on the user’s system. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. However, an attacker would have no way to force users to download or open a malicious PDF document.  Impact: Remote Code Execution  Fixes 2 vulnerabilities:  CVE-2016-0046, CVE-2016-0058  Restart Required: May Require Restart
  • 11. MS16-013: Security Update for Windows Journal to Address Remote Code Execution (3134811)  Maximum Severity: Critical  Affected Products: Microsoft Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.  Impact: Remote Code Execution  Fixes 1 vulnerabilities:  CVE-2016-0038  Restart Required: May Require Restart
  • 12. MS16-014: Security Update for Microsoft Windows to Address Remote Code Execution (3134228)  Maximum Severity: Important  Affected Products: Microsoft Windows  Description: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker is able to log on to a target system and run a specially crafted application.  Impact: Remote Code Execution  Fixes 5 vulnerabilities:  CVE-2016-0040 (Publicly Disclosed), CVE-2016-0041, CVE-2016-0042, CVE-2016-0044, CVE-2016-0049  Restart Required: Requires Restart
  • 13. MS16-015: Security Update for Microsoft Office to Address Remote Code Execution (3134226)  Maximum Severity: Critical  Affected Products: Microsoft Office, Sharepoint  Description: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.  Impact: Remote Code Execution  Fixes 7 vulnerabilities:  CVE-2016-0022, CVE-2016-0039 (Publicly Disclosed), CVE-2016-0052, CVE-2016-0053, CVE-2016-0054, CVE-2016-0055, CVE- 2016-0056  Restart Required: May Require Restart
  • 14. MS16-022: Security Update for Adobe Flash Player (3135782)  Maximum Severity: Critical  Affected Products: Microsoft Windows, Adobe Flash Player  Description: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.  Impact: Remote Code Execution  Fixes 22 vulnerabilities:  Resolved by Adobe Flash Player update. See APSB16-004 bulletin for details.  Restart Required:
  • 15. APSB16-04: Security updates available for Adobe Flash Player  Maximum Severity: Priority 1  Affected Products: Flash Player  Description: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.  Impact: Remote Code Execution  Fixes 22 vulnerabilities:  CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016- 0971, CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983, CVE-2016-0984, CVE-2016-0985  Restart Required:
  • 16. CHROME-160: Google Chrome 48.0.2564.109  Maximum Severity: High  Affected Products: Flash Player  Description: The stable channel has been updated to 48.0.2564.109 for Windows, Mac, and Linux.  Impact: Same-origin bypass, buffer overflow, out-of-bounds read  Fixes 6 vulnerabilities:  CVE-2016-1622, CVE-2016-1623, CVE-2016-1624, CVE-2016-1625, CVE-2016-1626, CVE-2016-1627,  Restart Required:
  • 17. Java8u73: Critical Security Update for Java Runtime  Maximum Severity: Critical  Affected Products: Java SE  Description: This update release contains several enhancements and changes.  Impact: Remote Code Execution  Fixes 1 vulnerabilities:  CVE-2016-0603  Restart Required: May Require Restart (almost always)
  • 18. MS16-016: Security Update for WebDAV to Address Elevation of Privilege (3136041)  Maximum Severity: Important  Affected Products: Microsoft Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker uses the Microsoft Web Distributed Authoring and Versioning (WebDAV) client to send specifically crafted input to a server.  Impact: Elevation of Privilege  Fixes 1 vulnerabilities:  CVE-2016-0051  Restart Required: Requires Restart
  • 19. MS16-017: Security Update for Remote Desktop Display Driver to Address Elevation of Privilege (3134700)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an authenticated attacker logs on to the target system using RDP and sends specially crafted data over the connection. By default, RDP is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.  Impact: Elevation of Privilege  Fixes 1 vulnerabilities:  CVE-2016-0036  Restart Required: Requires Restart
  • 20. MS16-018: Security Update for Windows Kernel-Mode Drivers to Address Elevation of Privilege (3136082)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.  Impact: Elevation of Privilege  Fixes 1 vulnerabilities:  CVE-2016-0048  Restart Required: Requires Restart
  • 21. MS16-019: Security Update for .NET Framework to Address Denial of Service (3137893)  Maximum Severity: Important  Affected Products: Windows, .Net Framework  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.  Impact: Denial of Service  Fixes 1 vulnerabilities:  CVE-2016-0048  Restart Required: May Require Restart
  • 22. MS16-020: Security Update for Active Directory Federation Services to Address Denial of Service (3134222)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Active Directory Federation Services (ADFS). The vulnerability could allow denial of service if an attacker sends certain input data during forms-based authentication to an ADFS server, causing the server to become nonresponsive.  Impact: Denial of Service  Fixes 1 vulnerabilities:  CVE-2016-0037  Restart Required: May Require Restart
  • 23. MS16-021: Security Update for NPS RADIUS Server to Address Denial of Service (3133043)  Maximum Severity: Important  Affected Products: Windows  Description: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could cause denial of service on a Network Policy Server (NPS) if an attacker sends specially crafted username strings to the NPS, which could prevent RADIUS authentication on the NPS.  Impact: Denial of Service  Fixes 1 vulnerabilities:  CVE-2016-0050  Restart Required: May Require Restart
  • 24.
  • 25. Resources and Webinars Get Shavlik Content Updates Get Social with Shavlik Sign up for next months Patch Tuesday Webinar Watch previous webinars and download presentation.

Editor's Notes

  1. http://news.softpedia.com/news/dll-hijacking-issue-plagues-products-like-firefox-chrome-itunes-openoffice-500060.shtml https://www.adobe.com/products/flashplayer/distribution3.html
  2. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
  3. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Many of the vulnerabilities target a user to exploit. https://support.microsoft.com/en-us/kb/3134814 Includes 7 non-security fixes as well. Most of the vulnerabilities are exploiting objects in memory. An attacker could host a specially crafted website that is designed to exploit these vulnerabilities through Internet Explorer, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerabilities. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by way of enticement in an email or Instant Messenger message, or by getting them to open an attachment sent through email. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The update addresses the vulnerabilities by modifying how Internet Explorer handles objects in memory.
  4. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. 4 of 6 were common across IE and Edge. Those 4 were all memory corruption vulnerabilities like in IE. Many of the vulnerabilities target a user to exploit.
  5. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Discrepancy: Calls out Server Core, but update would not install on core. WSUS also does not offer for Core. Either they will push a re-release or pull the doc discrepancy. This is PDF related so would Core really be affected? Vulnerabilities target a user to exploit. For an attack to succeed, a user must open a specially crafted Windows Reader file with an affected version of Windows Reader. In an email attack scenario, an attacker would have to convince the user to open a specially crafted Windows Reader file. The update addresses the vulnerability by modifying how Windows Reader parses files.
  6. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. For an attack to be successful, this vulnerability requires that a user open a specially crafted Journal file with an affected version of Windows Journal. In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted Journal file to the user and then convincing the user to open the file.
  7. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Publicly disclosed CVE-2016-0040 Known issue # 1 https://support.microsoft.com/en-us/kb/3126593 (KB3126587) Customers using Corel VideoStudio X8 or Corel VideoStudio X9 on Windows 7 may experience a crash while launching or using that product. Customers should install the latest updates from Corel to prevent this issue, or contact Corel for more information and help.  The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products. Known issue # 1 https://support.microsoft.com/en-us/kb/3126593 (KB3126593) After you install this security update, the behavior of searching for DLLs to load in certain scenarios (specifically, when loading implicit dependencies of COM server DLLs) will be changed from the previous behavior in the following way: Unless a prefix of the current directory’s full path is in the Safe Load List, the current directory will be skipped during the search (notice that previously, the current directory was used to search for the DLL). This new behavior may affect some legacy application behavior, and when the DLL loader notices this possible change in behavior, a warning or error message that resembles one of the following may be displayed in the Application log that is available in Event Viewer: The following warning message indicates the dependency file was not loaded from the current working directory (CWD) because of it not being trusted, but was found in another location:Loading dependency %2 from the current directory was not allowed when attempted by %1. Another DLL was found: %3. The following error message indicates the DLL was not loaded from the current working directory (CWD) because of it not being trusted, and was not found at all.Loading dependency %2 from the current directory was not allowed when attempted by %1. No other DLL was found and the dependency resolution failed. In both cases, %1 is the full path to the application process’s executable (.exe) file, and %2 is the full path if the DLL is found in the CWD.  If the application requires the old dependency loading behavior for its correct operation for a specific directory, you can achieve this scenario by adding this directory or its trusted ancestor to the Safe Load List. To do this, follow these steps:Make sure that your trusted location, together with all its descendant tree, is protected properly from unauthorized modifications by NTFS permissions. Add a string value to the following subkey in the registry in which the data is the full path to that trusted location:HKLM\System\CurrentControlSet\Control\Session Manager\Safe Load Prefixes After you make these changes, as long as the CWD is under that location, the DLLs in that CWD will be trusted and loaded as before.  Known issue # 2 Customers using Corel VideoStudio X8 or Corel VideoStudio X9 on Windows 7 may experience a crash while launching or using that product. Customers should install the latest updates from Corel to prevent this issue, or contact Corel for more information and help.  The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.
  8. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. MS updated an older Security Advisory relating to RDP from last nights release. https://technet.microsoft.com/en-us/library/security/2871997 there was also a hidden KB that is not in the bulletin, but was available to deploy. CVE-2016-0039 (Publicly Disclosed) Microsoft SharePoint XSS Vulnerability – CVE-2016-0039 An elevation of privilege vulnerability exists when SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. I have Microsoft Word 2010 installed. Why am I not being offered the 3114752 update?  The 3114752 update only applies to systems running specific configurations of Microsoft Office 2010. Some configurations will not be offered the update.
  9. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems.
  10. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. To fully update Flash Player you must apply the IE Security Advisory, Google Chrome update, Mozilla Firefox and the Flash Player install.
  11. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. Also includes support for updated Flash and the 22 fixes for Adobe Flash Plug-In. To fully update Flash Player you must apply the IE Security Advisory, Google Chrome update, Mozilla Firefox and the Flash Player install.
  12. Shavlik Priority: Shavlik rates this bulletin as a Priority 1. This means you should update as soon as possible on all systems. http://www.oracle.com/technetwork/java/javase/8u73-relnotes-2874654.html Oracle recommends removing all older install media from your network.
  13. Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. WebDAV Elevation of Privilege Vulnerability - CVE-2016-0051 An elevation of privilege vulnerability exists in the Microsoft Web Distributed Authoring and Versioning (WebDAV) client when WebDAV improperly validates input. An attacker who successfully exploited this vulnerability could execute arbitrary code with elevated permissions. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. Workstations and servers are primarily vulnerable to this attack. The update addresses the vulnerability by correcting how WebDAV validates input.
  14. Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. Known issues in security update 3126446 https://support.microsoft.com/en-us/kb/3134700 You may have to restart the computer multiple times after you install this security update on a Windows 7-based computer that is running RDP 8.0.  Remote Desktop Protocol (RDP) Elevation of Privilege Vulnerability - CVE-2016-0036 An elevation of privilege vulnerability exists in Remote Desktop Protocol (RDP) when an attacker logs on to the target system using RDP and sends specially crafted data over the authenticated connection. An attacker who successfully exploited this vulnerability could execute code with elevated privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the target system by using the Remote Desktop Protocol (RDP). An attacker could then run a specially crafted application that is designed to create the crash condition that leads to elevated privileges. The update addresses the vulnerability by correcting how RDP handles objects in memory.
  15. Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. Kernel-Mode Driver update. Test well. Win32k Elevation of Privilege Vulnerability - CVE-2016-0048 An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.
  16. Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. 4.5.2 is only supported version of 4.5. https://support.microsoft.com/en-us/gp/framework_faq/en-us 1. What is the Microsoft Support Lifecycle policy for .NET Framework?  (reading between the lines, pretty much like IE. If it is OS level it is supported until EOL of OS, but as separate product install you should upgrade) In March 2010, Microsoft announced that beginning with .NET Framework 3.5 Service Pack 1 (SP1), the .NET Framework is defined as a component instead of an independent product. As a component, .NET Framework version 3.5 Service Pack 1 (SP1) or later assumes the same Support Lifecycle policy as its underlying Windows operating system.  On August 7, 2014, Microsoft announced that support will end for .NET Framework 4, 4.5, and 4.5.1 on January 12, 2016. Customers and developers need to have completed the in-place update to .NET Framework 4.5.2 by January 12, 2016 to continue receiving technical support and security updates. Support for .NET Framework 4.5.2, as well as all other .NET Framework versions such as 3.5 SP1, will continue to be supported for the duration of the operating system support lifecycle.  Additional information on the history of .NET Framework support lifecycle is available below.
  17. Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. Microsoft Active Directory Federation Services Denial of Service Vulnerability - CVE- 2016-0037 A denial of service vulnerability exists when Active Directory Federation Services (ADFS) attempts to process certain input during forms-based authentication. An attacker who successfully exploits this vulnerability by sending certain input during forms-based authentication could cause the server to become nonresponsive. The update addresses the vulnerability by adding additional checks on input data during forms-based authentication.
  18. Shavlik Priority: Shavlik rates this bulletin as a Priority 2. This means the update should be implemented in a reasonable timeframe after adequate testing. Has a Core patch, but also failed to install. We will be watching for a rerelease on this one. Network Policy Server RADIUS Implementation Denial of Service Vulnerability – CVE-2016-0050 A denial of service vulnerability exists when a Network Policy Server (NPS) improperly handles a Remote Authentication Dial-In User Service (RADIUS) authentication request. An unauthenticated attacker who successfully exploited this vulnerability could send specially crafted username strings to a Network Policy Server (NPS) causing a denial of service condition for RADIUS authentication on the NPS. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate user rights. To exploit the vulnerability, an attacker would need to have network access to the affected NPS and then create an application to send specially crafted RADIUS authentication requests to the NPS. The security update addresses the vulnerability by changing how the NPS parses username queries when implementing RADIUS.
  19. Sign up for Content Announcements: Email http://www.shavlik.com/support/xmlsubscribe/ RSS http://protect7.shavlik.com/feed/ Twitter @ShavlikXML Follow us on: Shavlik on LinkedIn Twitter @ShavlikProtect Shavlik blog -> www.shavlik.com/blog Chris Goettl on LinkedIn Twitter @ChrisGoettl Sign up for webinars or download presentations and watch playbacks: http://www.shavlik.com/webinars/