Texas A&M AgriLife IT Security
Texas A&M AgriLife IT SecurityLatest IT news & tips to keep your computer safe

Patches released by Microsoft for January 2016 – release date Jan 12

by

Microsoft has just released the patches for January 2016. The details are available at  http://technet.microsoft.com/en-us/security/bulletin/ms16-jan

There are a total of nine bulletins being released. Six of the bulletins being patched are identified as CRITICAL and the remainder are classified as IMPORTANT. Vulnerabilities being patched in bulletins MS16-001 through MS16-007 could allow remote code execution if successfully exploited.

Remote code execution exploits are commonly used via drive by (web page) exploits or email attachments to compromise workstation operating systems.  In the case of Windows or Office vulnerabilities, remote code execution is exploitable via specially crafted files or media content. The majority of the remote code execution vulnerabilities are exploitable via memory corruption compromises.  Other mechanisms of compromise could allow the following exploits: Elevation of Privilege,  or Information Disclosure.

The December bulletins are identified as MS16-001/MS16-010

CRITICAL patches for January

The CRITICAL vulnerabilities apply to Windows, Internet Explorer, Edge (Windows 10 browser) and Office and could allow remote code execution if successfully exploited.

IMPORTANT bulletins apply to Windows and Microsoft Exchange Server.

MS16001– Internet Explorer – Remote Code Execution – CRITICAL

There are a total of two vulnerabilities being patched in Internet Explorer (one of which is designated as critical). The critical vulnerability would allow a critical remote code execution if successfully exploited (on workstations) and with the exception of server core only installations, apply to all supported versions of Internet Explorer on all operating systems.   The remaining patch addresses a vulnerability that could allow Elevation of Privilege if successfully exploited.

As of this time, only the elevation of privilege vulnerability (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0005) has been publicly disclosed.

Note: The vulnerabilities are classified as MODERATE for Server operating systems such as Windows Server 2008 (32, 64 bit and Itanium), Server 2008R2, Server 2012 and Server 2012R2.

MS16-002 – Windows 10 – Microsoft Edge – Remote Code Execution – CRITICAL

There are a total of two vulnerabilities being patched in the Edge web browser that ships with Windows 10. The vulnerabilities could allow Remote Code Execution on workstations if successfully exploited on Windows 10. As of this time, none of the Edge Browser Remote Code Execution vulnerabilities have been publicly disclosed.

MS16-003 – Windows – Vista and Server 2008 (including server core only installs) – JScript and VBScript versions 5.7 and 5.8   – Remote Code Execution – CRITICAL

There is one vulnerability being patched in the Visual Basic Scripting engine in Windows for the following Operating Systems:  Windows Vista (32 and 64 bit versions), Windows Server 2008 (including server core only installations). The vulnerability could allow remote code execution if an attacker hosts a specially crafted website that is designed to exploit the vulnerabilities through Internet Explorer (or leverages a compromised website or a website that accepts or hosts user-provided content or advertisements) and then convinces a user to view the website.

As of this time, the Jscript and VBScript Remote Code Execution have not been publicly disclosed.

MS16-004 – Windows OfficeRemote Code Execution – CRITICAL

There are five vulnerabilities being patched in all currently supported versions of Microsoft Office (including Macintosh). Two of which are designated as Remote Code Execution (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0010 and http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0035 ) with the remaining vulnerabilities being designated as Security Feature Bypass.   The remote code execution vulnerability associated with CVE-2016-0035 is actually assigned an IMPORTANT security classification as opposed to CRITICAL.

MS16-005 –  Windows Kernel mode drivers – Remote Code Execution – CRITICAL for Vista, Windows 7 and Server 2008. IMPORTANT for Windows 8 and 8.1, Windows RT, Server 2012R2, and Windows 10.

There are two vulnerabilities being patched in Windows Kernel Mode Drivers for all currently Microsoft operating systems. One of the two vulnerabilities could allow remote code execution if successfully compromise and the second would allow an Information Disclosure condition. The vulnerabilities are designated as CRITICAL for the following workstation products: Vista (32 and 64 bit), Windows 7 (32 and 64 bit) and IMPORTANT for Windows 8/8.1 (32 and 64 bit), Windows RT and RT 8.1, and Windows 10. Additionally, for the 2008 version of Windows Server, the remote code execution vulnerability is assigned a CRITICAL designation even for Server Core only installs. The second vulnerability being patched in MS16-005 addresses an error in Address Space Layout Randomization security protections.

MS16-006 –  Windows Silverlight installations on all platforms (including Mac) – Remote Code Execution – CRITICAL

There is one Remote Code Execution vulnerability being patched in Windows Silverlight. The vulnerability exists in all versions of Silverlight 5 or Silverlight 5 Developer Runtime when installed on any workstation or server system including Macintosh.

To exploit the vulnerability, an attacker could host a website that contains a specially crafted Silverlight application and then convince a user to visit a compromised website. The attacker could also take advantage of websites containing specially crafted content, including those that accept or host user-provided content or advertisements.

As of this time, information provided by Microsoft indicates the details have not been disclosed publically nor has exploit code been potentially identified.

MS16-007 – Windows – Remote code execution and Elevation of Privilege IMPORTANT (assigned a severity of CRITICAL by SANS – https://isc.sans.edu/forums/diary/January+2016+Microsoft+Patch+Tuesday/20605/ )

There are three Remote Code Execution, one Elevation of Privilege and one Security Feature Bypass vulnerabilities being patched in Windows. The vulnerabilities apply to the following products: Vista, Windows 7, Windows 8,8.1 and Windows 10, Server 2008, 2008R2 and Server 2012 including Server core only installations. The Windows 10 operating system has the majority of patches associated with MS16-007. All three exploit vectors (remote code execution, elevation of privilege and security feature bypass) are present in Windows 10.     Details of two of the remote code execution vulnerabilities (CVE-2016-0016 and CVE-2016-0018) have been released publicly.

Note: Even Server Core Only installations are affected by the Elevation of Privilege vulnerability.

MS16-008 –  Windows – Elevation of Privilege –  IMPORTANT

There are two Elevation of Privilege vulnerabilities being patched in Microsoft Windows. The vulnerabilities apply to all current Microsoft Server and Desktop Windows versions including those with server core only installs.

As of this time, information provided by Microsoft indicates the details of the vulnerabilities have not been publicly disclosed.

MS16-010 –  Windows – Exchange Server – Spoofing IMPORTANT

There are four Exchange Spoofing vulnerabilities classified as IMPORTANT being patched in all versions of Exchange Server.

As of this time, information provided by Microsoft indicates the details have not been disclosed publicly nor has exploit code been potentially identified.

 

AgriLife ISO Recommendation

Considering the fact that the Internet Explorer vulnerabilities are likely to be exploited in the near future, it is recommended that the January patches for Microsoft be applied as soon as possible to workstation and also server systems following appropriate testing.

 

 

 

 

Microsoft and Adobe patches for January – released on Jan 13

by

Microsoft has released the security bulletins for January. The details are available at http://blogs.technet.com/b/msrc/archive/2015/01/13/january-2015-updates.aspx

There are a total of eight security bulletins released for January.

Only one patch is designated as CRITICAL. The remaining seven patches are designated as IMPORTANT. The one critical patch applies to telnet. By default, telnet is installed but not enabled on Windows 2003 server installations. The telnet service is not installed on Windows Vista and later (including Server versions) operating systems.

 

All of the IMPORTANT patches apply to Windows operating systems only and are limited to either Elevation Of Privilege (https://technet.microsoft.com/library/security/MS15-001, https://technet.microsoft.com/library/security/MS15-003 , https://technet.microsoft.com/library/security/MS15-004 and https://technet.microsoft.com/library/security/MS15-008 ), Security Feature bypass (https://technet.microsoft.com/library/security/MS15-005 and https://technet.microsoft.com/library/security/MS15-006) or Denial of Service (https://technet.microsoft.com/library/security/MS15-007 ) exploits.

 

Adobe also released a patch for Flash on January 13. The details are available at http://helpx.adobe.com/security/products/flash-player/apsb15-01.html

The current version of Adobe Flash is 16.0.0.257. Users of Adobe Air should update to version 16.0.0.245. Adobe flash for Google Chrome and Internet Explorer on Windows 8 should also update to version 16.0.0.257.

 

Based on the information currently available, the AgriLife ISO recommended patch deployment priority is limited to Windows Server 2003 systems that have telnet enabled. For workstations, only the Adobe flash patch includes a recommendation to patch as soon as possible. There currently is no urgency identified in patches associated with Microsoft supported products for workstations in the January updates.

Advance notice of January 2014 Microsoft patches – to be released on January 14.

by

Microsoft has just provided advance notice of the patches that are scheduled to be released on January 14. The information is available at – http://technet.microsoft.com/en-us/security/bulletin/ms14-jan.   In just about all respects, its a light month. There are only four patches to be released. None of the four patches are classified as CRITICAL.  All of the patches are classified as IMPORTANT and only one of the four (Bulletin #1) is a vulnerability that would allow remote code execution if successfully exploited.

Further, the vulnerability being addressed in Bulletin #1 only applies to Word installations of Microsoft Office 2007-2013 and SharePoint 2010-2013 or Office Web Apps 2010-2013 installations.

Two of the three remaining patches are limited to elevation of privilege vulnerabilities for Windows XP and Server 2003 (bulletin #2) only; and also Windows 7 and Server 2008 R2 (bulletin #3).  The final patch is limited to a denial of service vulnerability in the Microsoft Enterprise Resource Planning products Microsoft Dynamics AX 4.0, Microsoft Dynamics AX 2010 and Microsoft Dynamics AX 2012.

As of this time,  no other products widely deployed (such as Java or Flash) are scheduled to be patched on Tuesday, January 14.

This web article will be updated as additional details are made available.

Update Jan 10 8:10 a.m.

Updates for Java and Adobe Reader and Acrobat are also scheduled to be released on January 14.

Additional details are available at the following URLs

  • Java (and other) Oracle updates to be released on Jan 14.

http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

  • Adobe Reader & Acrobat

http://helpx.adobe.com/security/products/acrobat/apsb14-01.html

Advance notice of Microsoft Patches to be released on January 8, 2013 – and other updates for Jan

by

On Thursday, January 3, Microsoft provided advance notice of the patches that are scheduled to be released on Tuesday, January 8, 2013. The details as they are currently known are available at http://technet.microsoft.com/en-us/security/bulletin/ms13-jan   There are a total of seven bulletins scheduled to be released that include two patches designated as CRITICAL and five designated as IMPORTANT.   The CRITICAL bulletins address vulnerabilities in the following Microsoft products:

Workstation Operating Systems

  • Windows 8
  • Windows RT
  • Windows 7
  • Windows Vista
  • Windows XP

Server Operating Systems

  • Windows Server 2008R2 base and SP1 (64 bit and Itanium versions)

Microsoft Server software

  • SharePoint Server 2007 SP2 and SP3 (32 and 64 bit)
  • Groove Server 2007 SP2 and SP3

Microsoft Office Suites and Software

  • Office 2003 SP3
  • Office 2007 SP2 and SP3

Other Microsoft software

  • Microsoft Word viewer
  • Office Compatibility Pack SP2 and SP3

Developer tools and Software

  • Expression Web Service pack 1
  • Expression Web 2

Patches designated as IMPORTANT apply to all workstation and server operating systems that are supported including Windows 8 and Server 2012. However, it should be noted that the bulletins designated as IMPORTANT would only allow an elevation of privilege* exploit to take place as opposed to a potentially more harmful remote code execution exploit in the case of bulletins designated as CRITICAL.

It is currently unknown if any of the vulnerabilities patched in the January updates are currently being exploited. For that reason no recommendation is available as to the urgency of the application of the patches. Additional information will be provided after the patches are released on Tuesday, January 8.

*Note: Vulnerabilities that allow remote code execution do not require the user to have been authenticated on the system to be successfully exploited.  In contrast, vulnerabilities that enable an elevation of privilege DO require that the user have an account/logon ID on the system (and have successfully authenticated) before malicious software can successfully exploit the vulnerability.

Update Jan 8 1:45 p.m.

Microsoft has provided additional details of the patches released on January 8. While no exploit code has been identified for the most severe patches (MS13-01 and MS13-02), identified with CRITICAL designations, it is recommended that patch MS13-02 for Print Spooler core services be applied to servers when feasible and MS13-01 for MSXML core services be applied to workstations as soon as possible.

Specifics for Print Spooler Vulnerability addressed in MS13-02

The vulnerability for the print spooler has no direct infection vector. To perform a successful exploit, a malicious print job would have to be sent to a shared printer and other users with access to the shared printer would have to use third party (non-Microsoft) products to query the printer for information on the malicious content.

Specifics for MSXML Core Services vulnerability addressed in MS13-01

Reliable exploit code is expected within the next 30 days for the vulnerability addressed with patch MS13-01.  The vulnerability exists in the way Windows parses XML content.  The vulnerability could be exploited if the user browses to malicious web page. Under that condition, malicious content will be installed on the workstation (either as administrator if that is how the user was logged in, or as a limited user if running under a non-admin account).  Additionally, if web browsing is performed from a system running a Windows Server operating system, some inherent protections will be realized due to the restricted mode associated with Internet Explorer Enhanced Security Configuration  integrated within Microsoft Server operating systems.  The enhanced security configuration should limit the exposure for server operating systems that encounter a malicious web page.  However, it is still strongly recommended that no web browsing be performed from Server Systems.

Update 2 – 3:00 p.m.

Software patches were also released for Mozilla Firefox, and Thunderbird on January 8. See the following URLS for details

Adobe also released patches for Acrobat and Reader versions 10.0.4 and 11.0. on January 8. Please see the following URL for details

Update Jan 14 8:00 a.m.

Note: On Jan 7, an active zero day exploit was identified for Java version 1.7.10. Oracle released an updated version of Java on January 13. The updated version is 1.7.11 and can be downloaded from – http://java.com/en/download/index.jsp

Details are available at – http://www.oracle.com/technetwork/java/javase/7u11-relnotes-1896856.html

Advance notice of January Microsoft patches for Windows OSs and Applications

by

Microsoft has just sent their advance notice of the patches that are scheduled to be released on Tuesday, January 10.  There are a total of seven patches to be released for January.  All but one of the patches apply to Windows Workstation and Server Operating Systems. The one exception applies to Microsoft Developer Tools and Software.

All but one of the patches are classified as IMPORTANT. The one exception is classified as CRITICAL on Windows Server 2003 and 2008, Windows XP and Windows Vista operating systems (for Windows 7 and Windows Server 2008R2 installations, the same patch is classified as IMPORTANT) and will require a restart of the specific system being updated.

The primary rationale for the classification of CRITICAL for bulletin #1 on Windows Server 2003, Server 2008 and Windows XP/Vista systems is the vulnerability could allow remote code execution if exploited.

 

The following details are currently unknown and should be made available on Tuesday:

  • If the exploit has been identified to the public
  • If the exploit code requires an authenticated account for the vulnerability to be exploited successfully.
  • If the vulnerability can be exploited consistently with security features* included in the most current Windows operating (such as Windows Server 2008R2 and Windows 7)

Each of these factors will determine the urgency for the application of the critical patch.

*Security features implemented by default in the most current operating systems include:
http://en.wikipedia.org/wiki/Address_space_layout_randomization
http://en.wikipedia.org/wiki/Data_Execution_Prevention

Update – January 10, 4 p.m.

Additional information has been recently provided detailing the scope of the Microsoft patches released on January 10. It is available at – http://technet.microsoft.com/en-us/security/bulletin/ms12-jan

As originally indicated, Microsoft has only identified one patch as being critical for workstations and servers –  http://technet.microsoft.com/en-us/security/bulletin/ms12-004 . However, one other source (http://isc.sans.edu/diary/January+2012+Microsoft+Black+Tuesday+Summary/12361) has recommended that TWO patches should be applied to workstations immediately  (http://technet.microsoft.com/en-us/security/bulletin/ms12-004 and http://technet.microsoft.com/en-us/security/bulletin/ms12-005 ) and also that the MS12-004 and MS12-005 patches be applied to servers as soon as possible. The ISC-SANs source has also identified patch MS12-002 as critical for workstations.

 

There are currently no known exploits identified for these vulnerabilities.  However, it is fully expected that exploit code WILL made available within the next 30 days.

 

The breakdown of vulnerabilities and the potential for exploitation is as follows:

Workstation OS – Bulletin #1 – Security Feature Bypass – http://technet.microsoft.com/en-us/security/bulletin/ms12-001

NOTE – Security Feature Bypass vulnerability. Reliable exploit code is expected. Vulnerability has not been publically disclosed as of this time.

  • Windows XP–SP3 32bit – NOT APPLICABLE
  • Windows XP-SP2 64bit – IMPORTANT
  • Windows Vista-SP2 – 32 and 64 bit – IMPORTANT
  • Windows 7 – base and SP1 both 32 and 64 bit – IMPORTANT

Server OS – Bulletin #1 – http://technet.microsoft.com/en-us/security/bulletin/ms12-001

  • Windows Server 2003-SP2 (32, 64 bit and Itanium systems) – IMPORTANT
  • Windows Server 2008-SP2 (32, 64 bit and Itanium systems) – IMPORTANT
  • Windows Server 2008R2- base and SP1 (64 bit and Itanium systems) – IMPORTANT

Workstation OS – Bulletin #2 – http://technet.microsoft.com/en-us/security/bulletin/ms12-002

NOTE – Remote Code Execution vulnerability. Reliable exploit code is expected at a future date. Vulnerability has not been publically disclosed as of this time.

  • Windows XP-SP3 32bit – IMPORTANT*
  • Windows XP-SP2 64bit – IMPORTANT*
  • Windows Vista-SP2 – NOT APPLICABLE for 32 or 64 bit Vista systems
  • Windows 7-SP1 – NOT APPLICABLE for 32 or 64 bit Windows 7 systems

*NOTE – Identified as CRITICAL for Workstation OSs by SANS – http://isc.sans.edu/diary/January+2012+Microsoft+Black+Tuesday+Summary/12361

Server OS – Bulletin #2 – http://technet.microsoft.com/en-us/security/bulletin/ms12-002

  • Windows Server 2003-SP2 (32, 64 bit and Itanium) – IMPORTANT
  • Windows Server 2008-SP2 (32, 64 bit and Itanium) – NOT APPLICABLE for Server 2008 installations
  • Windows Server 2008R2-base and SP1 (64 bit and Itanium) – NOT APPLICABLE for Server 2008R2 installations

Workstation OS- Bulletin #3 – http://technet.microsoft.com/en-us/security/bulletin/ms12-003

NOTE – Elevation of Privilege vulnerability. Reliable exploit code is expected at a future date. Vulnerability has not been publically disclosed as of this time. Applicable for systems running Asian (Chinese, Japanese or Korean) versions of Windows only

  • Windows XP–SP3 32bit – IMPORTANT
  • Windows XP-SP2 64bit – IMPORTANT
  • Windows Vista-SP2 (32 and 64 bit) – IMPORTANT
  • Windows 7-SP1 (32 and 64 bit) – NOT APPLICABLE

Server OS – Bulletin #3 – http://technet.microsoft.com/en-us/security/bulletin/ms12-003

  • Windows Server 2003-SP2 – (32, 64 bit and Itanium) IMPORTANT
  • Windows Server 2008-SP2 – (32, 64 bit and Itanium) IMPORTANT
  • Windows Server 2008R2-base and SP1 – (64bit and Itanium) NOT APPLICABLE for Server 2008R2 installations

Workstation OS – Bulletin #4 – http://technet.microsoft.com/en-us/security/bulletin/ms12-004

NOTE – Remote Code Execution vulnerability. Reliable exploit code is expected at a future date. Vulnerability has not been publically disclosed as of this time.

  • Windows XP-SP3 (32 bit) – CRITICAL
  • Windows XP-SP2 (64 bit) – CRITICAL
  • Windows Vista-SP2 (32 and 64 bit) – CRITICAL
  • Windows 7-SP1 (32 and 64 bit) – IMPORTANT

NOTE – For workstations, a patch now action is recommended by ISC-SANs for this vulnerability.

Server OS – Bulletin #4 – http://technet.microsoft.com/en-us/security/bulletin/ms12-004

  • Windows Server 2003-SP2 (32, 64 bit and Itanium) – CRITICAL
  • Windows Server 2008-SP2 (32, 64 bit and Itanium) – CRITICAL
  • Windows Server 2008R2-base and SP1 (64 bit and Itanium) – IMPORTANT

Workstation OS – Bulletin #5 – http://technet.microsoft.com/en-us/security/bulletin/ms12-005

NOTE – Remote Code Execution vulnerability. Reliable exploit code is expected at a future date. Vulnerability has not been publically disclosed as of this time.

  • Windows XP-SP3 (32 bit) – IMPORTANT
  • Windows XP-SP2 (64 bit) – IMPORTANT
  • Windows Vista-SP2 (32 and 64 bit) – IMPORTANT
  • Windows 7-SP1 (32 and 64 bit) – IMPORTANT

NOTE – For workstations, a patch now action is recommended by ISC-SANs for this vulnerability.

Server OS – Bulletin #5 – http://technet.microsoft.com/en-us/security/bulletin/ms12-005

  • Windows Server 2003-SP2 (32, 64 bit and Itanium) – IMPORTANT
  • Windows Server 2008-SP2 (32, 64 bit and Itanium) – IMPORTANT
  • Windows Server 2008R2-base and SP1 (64 bit and Itanium) – IMPORTANT

NOTE – For server operating systems, the ISC-SANs source assigns a critical classification for this vulnerability.

Workstation OS – Bulletin #6 – http://technet.microsoft.com/en-us/security/bulletin/ms12-006

NOTE – Information Disclosure vulnerability. Reliable exploit code is NOT expected to materialize. Vulnerability has been disclosed publically.

  • Windows XP–SP3 32bit – IMPORTANT
  • Windows XP-SP2 64bit – IMPORTANT
  • Windows Vista-SP2 – 32 and 64 bit – IMPORTANT
  • Windows 7 – base and SP1 both 32 and 64 bit – IMPORTANT

Server OS – Bulletin #6

  • Windows Server 2003-SP2 (32, 64 bit and Itanium) – IMPORTANT
  • Windows Server 2008-SP2 (32, 64 bit and Itanium) – IMPORTANT
  • Windows Server 2008R2-base and SP1 (64 bit and Itanium) – IMPORTANT

Anticross Site Scripting Library (aka Anti XCSS) – Bulletin #7 – http://technet.microsoft.com/en-us/security/bulletin/ms12-007

NOTE – Information Disclosure vulnerability. Reliable exploit code is NOT expected to materialize. Vulnerability has been disclosed publically.

Workstation OSs – Bulletin #7

  • All current workstation OSs that have the Anti XCSS library implemented

Server OS – Bulletin #7

  • All current server OSs that have the Anti XCSS library implemented