Microsoft has just released the patches for January 2016. The details are available at http://technet.microsoft.com/en-us/security/bulletin/ms16-jan
There are a total of nine bulletins in this release. Six are rated CRITICAL and the remaining three are rated IMPORTANT. The vulnerabilities patched in bulletins MS16-001 through MS16-007 could allow remote code execution if successfully exploited.
Remote code execution exploits are commonly delivered via drive-by (web page) exploits or email attachments to compromise workstation operating systems. For Windows and Office vulnerabilities, remote code execution is typically triggered by specially crafted files or media content. The majority of this month's remote code execution vulnerabilities are memory corruption bugs. The remaining vulnerabilities could allow Elevation of Privilege, Information Disclosure, Security Feature Bypass or Spoofing.
The January bulletins are identified as MS16-001 through MS16-010; MS16-009 is not part of this release, which accounts for the count of nine.
CRITICAL patches for January
The CRITICAL vulnerabilities apply to Windows, Internet Explorer, Edge (Windows 10 browser) and Office and could allow remote code execution if successfully exploited.
IMPORTANT bulletins apply to Windows and Microsoft Exchange Server.
MS16-001 – Internet Explorer – Remote Code Execution – CRITICAL
There are a total of two vulnerabilities being patched in Internet Explorer, one of which is rated CRITICAL. The critical vulnerability could allow remote code execution on workstations if successfully exploited and, with the exception of Server Core installations, applies to all supported versions of Internet Explorer on all supported operating systems. The remaining vulnerability could allow Elevation of Privilege if successfully exploited.
As of this writing, only the elevation of privilege vulnerability (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0005) has been publicly disclosed.
Note: The vulnerabilities are classified as MODERATE for Server operating systems such as Windows Server 2008 (32, 64 bit and Itanium), Server 2008R2, Server 2012 and Server 2012R2.
MS16-002 – Windows 10 – Microsoft Edge – Remote Code Execution – CRITICAL
There are two vulnerabilities being patched in the Edge browser that ships with Windows 10. Both could allow Remote Code Execution on Windows 10 workstations if successfully exploited. As of this writing, neither of the Edge remote code execution vulnerabilities has been publicly disclosed.
MS16-003 – Windows – Vista and Server 2008 (including server core only installs) – JScript and VBScript versions 5.7 and 5.8 – Remote Code Execution – CRITICAL
There is one vulnerability being patched in the JScript and VBScript scripting engines (versions 5.7 and 5.8) on the following operating systems: Windows Vista (32 and 64 bit) and Windows Server 2008 (including Server Core installations). The vulnerability could allow remote code execution if an attacker hosts a specially crafted website designed to exploit it through Internet Explorer (or leverages a compromised website, or a website that accepts or hosts user-provided content or advertisements) and then convinces a user to view the website.
As of this writing, the JScript and VBScript remote code execution vulnerability has not been publicly disclosed.
MS16-004 – Microsoft Office – Remote Code Execution – CRITICAL
There are five vulnerabilities being patched in all currently supported versions of Microsoft Office (including Office for Mac). Two are designated as Remote Code Execution (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0010 and http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0035); the remaining vulnerabilities are designated as Security Feature Bypass. Note that the remote code execution vulnerability tracked as CVE-2016-0035 is rated IMPORTANT rather than CRITICAL.
MS16-005 – Windows Kernel Mode Drivers – Remote Code Execution – CRITICAL for Vista, Windows 7 and Server 2008; IMPORTANT for Windows 8 and 8.1, Windows RT, Server 2012 R2 and Windows 10
There are two vulnerabilities being patched in the Windows kernel-mode drivers for all currently supported Microsoft operating systems. One could allow remote code execution if successfully exploited and the second could allow information disclosure. The vulnerabilities are rated CRITICAL for the following workstation products: Vista (32 and 64 bit) and Windows 7 (32 and 64 bit), and IMPORTANT for Windows 8/8.1 (32 and 64 bit), Windows RT and RT 8.1, and Windows 10. Additionally, on Windows Server 2008 the remote code execution vulnerability is rated CRITICAL even for Server Core installations. The second vulnerability addressed by MS16-005 is a bypass of Address Space Layout Randomization (ASLR) protections.
MS16-006 – Microsoft Silverlight on all platforms (including Mac) – Remote Code Execution – CRITICAL
There is one Remote Code Execution vulnerability being patched in Microsoft Silverlight. It affects all versions of Silverlight 5 and the Silverlight 5 Developer Runtime when installed on any workstation or server system, including Macintosh.
To exploit the vulnerability, an attacker could host a website containing a specially crafted Silverlight application and convince a user to visit it. The attacker could also take advantage of compromised websites or websites that accept or host user-provided content or advertisements.
As of this writing, Microsoft indicates that the vulnerability has not been publicly disclosed and that no exploit code has been identified.
MS16-007 – Windows – Remote code execution and Elevation of Privilege – IMPORTANT (assigned a severity of CRITICAL by SANS – https://isc.sans.edu/forums/diary/January+2016+Microsoft+Patch+Tuesday/20605/ )
There are three Remote Code Execution, one Elevation of Privilege and one Security Feature Bypass vulnerabilities being patched in Windows. They apply to the following products: Vista, Windows 7, Windows 8, 8.1 and Windows 10, and Server 2008, 2008 R2 and Server 2012, including Server Core installations. Windows 10 receives the majority of the fixes in MS16-007, and all three vulnerability classes (remote code execution, elevation of privilege and security feature bypass) are present in Windows 10. Details of two of the remote code execution vulnerabilities (CVE-2016-0016 and CVE-2016-0018) have been publicly disclosed.
Note: Even Server Core Only installations are affected by the Elevation of Privilege vulnerability.
MS16-008 – Windows – Elevation of Privilege – IMPORTANT
There are two Elevation of Privilege vulnerabilities being patched in Microsoft Windows. The vulnerabilities apply to all current Microsoft Server and Desktop Windows versions including those with server core only installs.
As of this time, information provided by Microsoft indicates the details of the vulnerabilities have not been publicly disclosed.
MS16-010 – Microsoft Exchange Server – Spoofing – IMPORTANT
There are four Exchange Spoofing vulnerabilities classified as IMPORTANT being patched in all versions of Exchange Server.
As of this writing, Microsoft indicates that the vulnerabilities have not been publicly disclosed and that no exploit code has been identified.
AgriLife ISO Recommendation
Because the Internet Explorer vulnerabilities are likely to be exploited in the near future, it is recommended that the January Microsoft patches be applied as soon as possible to both workstation and server systems, following appropriate testing.
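One way to confirm that the patches have actually landed after deployment, as an added example that is not part of the original advisory: query the installed-update list on each host and flag any required KB that is missing. The KB numbers and host names in the call at the bottom are placeholders; substitute the KB numbers listed in each January 2016 bulletin and your own machine names.

```powershell
function Test-RequiredHotfix {
    <#
    .SYNOPSIS
    Report, per host and per KB, whether a required update is installed.
    #>
    [CmdletBinding()]
    param(
        # KB IDs to verify (format 'KBnnnnnnn'). Take them from the bulletin's
        # Affected Software table; none are hard-coded here.
        [Parameter(Mandatory)]
        [string[]]$RequiredKB,

        # Hosts to query; defaults to the local machine. Remote queries need
        # administrative rights and WMI/DCOM reachability on the target.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    foreach ($computer in $ComputerName) {
        try {
            # Get-HotFix reads Win32_QuickFixEngineering, which lists updates
            # installed through Windows Update, WSUS or a standalone .msu package.
            $installed = Get-HotFix -ComputerName $computer -ErrorAction Stop |
                Select-Object -ExpandProperty HotFixID
        }
        catch {
            # An unreachable host is reported as a row, not silently skipped:
            # "could not verify" must never be read as "patched".
            [pscustomobject]@{
                ComputerName = $computer
                KB           = $null
                Installed    = $null
                Error        = $_.Exception.Message
            }
            continue
        }

        foreach ($kb in $RequiredKB) {
            [pscustomobject]@{
                ComputerName = $computer
                KB           = $kb
                Installed    = [bool]($installed -contains $kb)
                Error        = $null
            }
        }
    }
}

# Example call. 'KB0000001', 'KB0000002', 'WS01' and 'SRV01' are placeholders
# for illustration only; replace them with the bulletin KB numbers and real hosts.
Test-RequiredHotfix -RequiredKB 'KB0000001', 'KB0000002' -ComputerName 'WS01', 'SRV01' |
    Where-Object { $_.Error -or -not $_.Installed } |
    Format-Table -AutoSize
```

Two caveats when reading the output. On Windows 10 the month's fixes ship as a single cumulative update, so one KB number covers several bulletins there, whereas older Windows versions receive one KB per bulletin. And a row with an Error value means the host could not be queried, so treat it as unverified and follow up rather than counting it as patched.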