Microsoft recently released the patches for July 2016. The details are available at http://technet.microsoft.com/en-us/security/bulletin/ms16-jul
Takeaways –
No zero-day vulnerabilities (code vulnerabilities that are actively being exploited) are currently known for any of the products that are being patched in July 2016.
Vulnerabilities being patched in bulletins MS16-084 through MS16-088 are classified as CRITICAL as they could allow remote code execution if successfully exploited.
Patch MS16-093 was released for Adobe Flash.
Remote code execution exploits are commonly delivered via drive-by (web page) exploits or email attachments to compromise workstation operating systems. In the case of Windows or Office vulnerabilities, remote code execution is possible via specially crafted files or media content. The majority of the remote code execution vulnerabilities are exploitable via memory corruption. Other mechanisms of compromise could allow the following exploits: Elevation of Privilege, Security Feature Bypass, Denial of Service or Information Disclosure.
The July bulletins are identified as MS16-084 through MS16-094.
CRITICAL patches for July
The CRITICAL vulnerabilities apply to Windows, Internet Explorer and Edge (Windows 10 browser), Windows spooler, Office, Office Services and Web apps, and Adobe Flash, and could allow remote code execution if successfully exploited.
IMPORTANT bulletins (at least two of which could allow remote code execution) apply to Windows and .NET framework.
MS16-084 – Internet Explorer – Remote Code Execution – CRITICAL – Patch after testing
Bulletin MS16-084 includes fifteen patches, seven of which are for CRITICAL memory corruption/remote code execution vulnerabilities. The remaining vulnerabilities for July are for Remote Code Execution (but classified as IMPORTANT), Security Feature Bypass, Information Disclosure or Spoofing conditions in Windows Explorer. The vulnerabilities are classified as MODERATE for server operating systems. As of this time, none of the code vulnerabilities have been disclosed publicly nor has exploit code been identified.
MS16-085 – Edge Browser for Windows 10 – Remote Code Execution/Information Disclosure and Security Feature Bypass – CRITICAL – Patch after testing
Bulletin MS16-085 includes patches for a total of thirteen vulnerabilities for the Edge Browser for Windows 10, seven of which are CRITICAL memory corruption/remote code execution vulnerabilities. The remaining vulnerabilities are associated with Security Feature Bypass, Information Disclosure or Spoofing conditions in Windows 10 Edge. As of this time, none of the code vulnerabilities have been disclosed publicly nor has exploit code been identified.
MS16-086 – Windows Vista and Server 2008 (including server core only installs) – JScript version 5.7 and VBScript 5.7 and 5.8 – Remote Code Execution – CRITICAL for Vista workstations/Moderate for Server 2008
Bulletin MS16-086 includes a single remote code execution vulnerability for Windows Vista and Windows 2008 for JScript version 5.8 and VBScript versions 5.7 or 5.8. All of the vulnerabilities could allow Remote Code Execution on workstations if successfully exploited. The vulnerabilities are only classified as CRITICAL on Vista workstation installs. Server 2008 installations (including server core only) that include JScript 5.8 or VBScript 5.7 or 5.8 are assigned a severity of moderate. As of this time, the vulnerabilities have not been exposed publicly nor has exploit code been identified.
MS16-087 – Windows Print Spooler – Remote Code Execution – CRITICAL
Bulletin MS16-087 resolves one CRITICAL remote code execution and one important privilege escalation vulnerability for Windows Print Spooler for all current Windows Workstation and Windows Server (even server core only installations). To exploit this vulnerability, an attacker must be able to execute a man-in-the-middle (MiTM) attack on a workstation or print server, or set up a rogue print server on a target network. The update addresses the vulnerability by issuing a warning to users who attempt to install untrusted printer drivers. As of this time, the vulnerabilities have not been exposed publicly nor has exploit code been identified.
MS16-088 – Windows Office and Office Services/Web Apps – Remote Code Execution – CRITICAL
Bulletin MS16-088 resolves four CRITICAL memory corruption/remote code execution vulnerabilities, one IMPORTANT memory corruption/remote code execution vulnerability and one Security Feature Bypass vulnerability in the following Microsoft Office and Office Services and Web Apps products: Office 2007sp3 (Excel and Word), Office 2010sp2 (32 and 64 bit), Office 2013sp1 (32 and 64 bit), Office 2016, Office for Mac 2011, Office 2016 for Mac, Compatibility Packs and Viewers for Word and Visio (2007 and 2010).
At least one of the CRITICAL vulnerabilities also applies to the following Office products: Office Word 2007sp3, Office 2010sp2 (32 and 64 bit versions), Office Word 2010 (32 and 64 bit versions), Office Word 2013 (32 and 64 bit versions), Microsoft Word 2013 RT, Microsoft Word 2016 (32 and 64 bit versions), Microsoft Office (Word) for Mac 2011, and Microsoft Office (Word) for Mac 2016.
At least one of the CRITICAL vulnerabilities also applies to the following Office Services and Apps products: Word automation services on SharePoint server 2010; Word automation services on SharePoint Server 2013; SharePoint Server 2016; Office Web apps 2010; Office Web apps 2013; and Office online server. As of this time, the vulnerabilities have not been exposed publicly nor has exploit code been identified.
MS16-089 – Windows Secure Kernel Mode – Windows 10 only – Information Disclosure Vulnerability – IMPORTANT
Bulletin MS16-089 resolves one Information Disclosure Vulnerability in Windows 10. The information disclosure vulnerability exists when Windows Secure Kernel Mode improperly handles objects in memory. A locally-authenticated attacker who successfully exploited this vulnerability could read sensitive information on the target system.
To exploit this vulnerability, an attacker could run a specially crafted application on the target system. Note that the information disclosure vulnerability by itself would not be sufficient for an attacker to compromise a system. However, an attacker could combine this vulnerability with additional vulnerabilities to further exploit the system. The update addresses the vulnerability by correcting how Windows Secure Kernel Mode handles objects in memory. As of this time, the vulnerabilities have not been exposed publicly nor has exploit code been identified.
MS16-090 – Windows Kernel Mode Drivers – Elevation of Privilege/Information Disclosure Vulnerability – IMPORTANT
Bulletin MS16-090 resolves five elevation of privilege and one information disclosure vulnerability in all currently supported Windows Workstations and Server versions (including server core only installations). The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system. The elevation of privilege conditions could occur when Windows Secure Kernel Mode improperly handles objects in memory. As of this time, the vulnerabilities have not been exposed publicly nor has exploit code been identified.
MS16-091 – Windows .NET Framework – Information Disclosure Vulnerability – IMPORTANT
Bulletin MS16-091 resolves one Information Disclosure vulnerability in .NET framework for the following Windows Workstation and Server products: Windows Vista, Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2008, Windows Server 2008R2, Windows Server 2012 and 2012R2, and server core installs of Windows 2008R2, 2012 and 2012R2. The vulnerability could cause information disclosure if an attacker uploads a specially crafted XML file to a web-based application. As of this time, the vulnerabilities have not been exposed publicly nor has exploit code been identified.
MS16-092 – Windows Kernel – Information Disclosure/Security Feature Bypass Vulnerability – IMPORTANT
Bulletin MS16-092 resolves a single Information Disclosure and a single Security Feature Bypass vulnerability in the following Windows Workstations and Server products: Windows 8.1 (all versions), Windows 10, and Windows Server 2012 (all versions including server core only installs). As of this time, the information disclosure vulnerability has been identified publicly but exploit code has yet to be identified.
MS16-093 – Windows Browser – Adobe Flash – Remote Code Execution – CRITICAL
Bulletin MS16-093 resolves approximately twenty-four CRITICAL Remote Code Execution vulnerabilities in the Web Browsers for the following Windows Operating systems: Windows 8.1, Windows RT 8.1 and Windows 10. The vulnerabilities also exist in the Windows Server 2012 web browser implementation but are only assigned a severity of Moderate. As of this time, no exploit code has been identified.
MS16-094 – Windows Secure boot – Security Feature Bypass – IMPORTANT
Bulletin MS16-094 resolves a single Security Feature Bypass vulnerability in Windows Secure Boot for the following Operating Systems: Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2012 (all versions including server core only installations). As of this time, the vulnerability has been identified publicly but exploit code has yet to be identified.
AgriLife ISO Recommendation
Patches released on July 12 should be installed on IT resources running either Windows Server or workstation operating systems as soon as possible after appropriate testing.