Microsoft has just released the patches for March 2016. The details are available at http://technet.microsoft.com/en-us/security/bulletin/ms16-mar
Vulnerabilities being patched in bulletins MS16-023 through MS16-030 could allow remote code execution if successfully exploited.
Remote code execution exploits are commonly delivered through drive-by (web page) attacks or email attachments to compromise workstation operating systems. In the case of Windows or Office vulnerabilities, remote code execution is exploitable via specially crafted files or media content. The majority of the remote code execution vulnerabilities are exploitable through memory corruption. Other vulnerabilities could allow Elevation of Privilege or Information Disclosure.
The March bulletins are identified as MS16-023 through MS16-035.
CRITICAL patches for March
The CRITICAL vulnerabilities apply to Windows, Internet Explorer and Edge (Windows 10 browser) and could allow remote code execution if successfully exploited.
IMPORTANT bulletins (some of which are remote code execution) apply to Windows, the .NET Framework, Office, and Office Services and Web Apps.
MS16-023 – Internet Explorer – Remote Code Execution – CRITICAL
There are a total of thirteen vulnerabilities being patched in Internet Explorer (all of which are designated as critical for at least one Internet Explorer client version). Additionally, at least 12 of the critical vulnerabilities apply to the most hardened browser, IE11. The critical vulnerabilities would allow remote code execution if successfully exploited (on workstations) and, with the exception of server core only installations, apply to all supported versions of Internet Explorer on all operating systems.
According to information provided by Microsoft, none of the web browser vulnerabilities have exploit code currently available nor had the vulnerabilities been publicly disclosed prior to March 8.
Note: The vulnerabilities are classified as MODERATE for Server operating systems such as Windows Server 2008 (32, 64 bit and Itanium), Server 2008R2, Server 2012 and Server 2012R2.
MS16-024 – Windows 10 – Microsoft Edge – Remote Code Execution – CRITICAL
There are a total of eleven vulnerabilities being patched in the Edge web browser that ships with Windows 10. All but one of the vulnerabilities could allow Remote Code Execution on workstations if successfully exploited on Windows 10. The one exception could allow an information disclosure condition on the Edge Browser for Windows 10. As of this time, none of the Edge Browser Remote Code Execution vulnerabilities have been publicly disclosed.
MS16-025 – Windows – Loading Library – Remote Code Execution – IMPORTANT
There is one vulnerability being patched in the Loading library in Windows for the following operating systems: Windows Vista SP2 (32 and 64 bit) and Server 2008 SP2 (32 bit, 64 bit and Itanium), including server core only installs. The vulnerability could allow remote code execution if Microsoft Windows fails to properly validate input before loading certain libraries. However, an attacker must first gain access to the local system with the ability to execute a malicious application. Microsoft Windows Loading Library improperly handles application programming interface (API) calls, which could allow an attacker to run arbitrary code on the user’s system.
According to information provided by Microsoft, none of the vulnerabilities have exploit code currently available nor had the vulnerabilities been publicly disclosed prior to March 8.
MS16-026 – Windows – Graphic fonts – Remote Code Execution – CRITICAL
There are two OpenType font parsing vulnerabilities being patched in the following versions of Windows: Vista (all versions), Windows 7 (all versions), Windows 8.1 (all versions), Windows RT 8.1, Windows 10 (all versions), Windows Server 2008 (all versions), Windows Server 2008R2 (all versions) and Windows Server 2012 (all versions). The most severe vulnerability could allow remote code execution if an attacker either convinces a user to open a specially crafted document, or to visit a webpage that contains specially crafted embedded OpenType fonts. The vulnerability exists and is classified as CRITICAL even in server core only installations of Windows Server operating systems. The less severe vulnerability would only cause a denial of service condition if successfully exploited.
According to information provided by Microsoft, none of the vulnerabilities have exploit code currently available nor had the vulnerabilities been publicly disclosed prior to March 8.
MS16-027 – Windows – Windows Media – Remote Code Execution – CRITICAL
There are two remote code execution media processing vulnerabilities being patched in Windows for the following Microsoft operating systems: Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2008R2, and Windows Server 2012 (all versions). The vulnerabilities could allow remote code execution if a user opens specially crafted media content that is hosted on a website.
Note: All patches in MS16-027 are designated as CRITICAL even for Server operating system installations.
MS16-028 – Microsoft Windows – PDF Library – Remote Code Execution – CRITICAL
There are two Remote Code Execution vulnerabilities being patched in all of the following versions of Microsoft Windows: Windows 8.1, RT 8.1, Windows 10, Server 2012 (including server core only) and Server 2012R2 (also including server core only). The vulnerabilities could allow remote code execution if a user opens a specially crafted .pdf file. Only Windows 10 is affected by both vulnerabilities. The other operating systems are potentially impacted only by one.
As of this time, information provided by Microsoft indicates the details have not been disclosed publicly nor has exploit code been potentially identified.
MS16-029 – Windows – Office – Remote Code Execution – IMPORTANT (classified as CRITICAL for workstations by SANS)
There are three vulnerabilities being patched in the following versions of Microsoft Office (specifically Microsoft Word within Office): Office 2008, Office 2010, Office 2013, Office 2013RT, Office for Mac 2011, Office 2016, Office for Mac 2016, Office compatibility pack sp3, Word Viewer, Office web apps 2010 and 2013, SharePoint Server 2010 and 2013. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. The third is identified as Security Feature bypass.
As of this time, according to Microsoft, the details of the remote code execution vulnerabilities have not been disclosed publicly nor has exploit code been potentially identified.
MS16-030 – Windows – OLE – Remote Code Execution – IMPORTANT
There are two Elevation of Privilege vulnerabilities being patched in the Object Linking and Embedding module of Microsoft Windows. The vulnerabilities apply to the following operating systems: Vista, Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2008, Server 2008R2, Server 2012 and Server 2012R2 (including server core only installations). The vulnerabilities could allow remote code execution if Windows OLE fails to properly validate user input. An attacker could exploit the vulnerabilities to execute malicious code. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message.
As of this time, according to Microsoft, the details of the remote code execution vulnerabilities have not been disclosed publicly nor has exploit code been potentially identified.
MS16-031 – Windows – Elevation of Privilege – IMPORTANT
There is one Elevation of Privilege vulnerability being patched in the following versions of Windows: Vista, Windows 7, Windows Server 2008 and Server 2008R2 (including server core only installs). The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.
As of this time, information provided by Microsoft indicates the details have not been disclosed publicly nor has exploit code been potentially identified.
MS16-032 – Windows – Secondary Logon – IMPORTANT
There is one Elevation of Privilege vulnerability being patched in the following versions of Windows: Vista, Windows 7, Windows 8.1, RT 8.1, Windows 10, Windows Server 2008, Server 2008R2, Server 2012 and Server 2012R2 (including server core only installs). The vulnerability could allow elevation of privilege if the Windows Secondary Logon Service fails to properly manage request handles in memory.
As of this time, information provided by Microsoft indicates the details have not been disclosed publicly nor has exploit code been potentially identified.
MS16-033 – Windows – USB Mass Storage Class Driver – IMPORTANT
There is one Elevation of Privilege vulnerability being patched in the following versions of Windows: Vista, Windows 7, Windows 8.1, RT 8.1, Windows 10, Windows Server 2008, Server 2008R2, Server 2012 and Server 2012R2 (including server core only installs). The vulnerability could allow elevation of privilege if an attacker with physical access inserts a specially crafted USB device into the system. The security update addresses the vulnerability by correcting how Windows handles objects in memory.
As of this time, information provided by Microsoft indicates the details have not been disclosed publicly nor has exploit code been potentially identified.
MS16-034 – Windows – Kernel Mode Drivers – IMPORTANT
There are four Elevation of Privilege vulnerabilities being patched in the Win32K module for the following versions of Windows: Vista, Windows 7, Windows Server 2008, Server 2008R2, Server 2012 and Server 2012R2 (including server core only installs). The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. The security update addresses the vulnerabilities by correcting how Windows handles objects in memory.
As of this time, information provided by Microsoft indicates the details have not been disclosed publicly nor has exploit code been potentially identified.
MS16-035 – Windows – .NET Framework – Security Feature Bypass – IMPORTANT
There is one Security Feature bypass vulnerability being patched in the .NET Framework on the following versions of Windows: Vista (all versions), Windows 7 (all versions), Windows 8.1 (all versions), Windows 10 (all versions), Windows Server 2008 (all versions), Server 2008R2 (all versions), Server 2012 and Server 2012R2 (including server core only installs). It applies to systems that run one of the following: Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.0 Service Pack 2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, and Microsoft .NET Framework 4.6.1 on affected releases of Microsoft Windows. The security feature bypass exists in a .NET Framework component that does not properly validate certain elements of a signed XML document.
As of this time, information provided by Microsoft indicates the details have not been disclosed publicly nor has exploit code been potentially identified.
Adobe security patches – Adobe Reader and Acrobat
The following products received security updates from Adobe on March 8: Adobe Reader XI, Acrobat XI and Reader DC, Acrobat DC (continuous and classic tracks – http://www.adobe.com/devnet-docs/acrobatetk/tools/AdminGuide/whatsnewdc.html )
The updated versions are: Acrobat XI and Reader XI – 11.0.14, Acrobat/Reader DC (continuous) – 15.010.20059, Acrobat/Reader DC (classic) – 15.006.30119.
Please see the following URL for additional details – https://helpx.adobe.com/security/products/acrobat/apsb16-09.html
Details for other Adobe products updated on March 8 are available at https://helpx.adobe.com/security.html
AgriLife ISO Recommendation
Because most of the March vulnerabilities apply to the majority of client operating systems, and some apply to server operating systems even with the server core only installation, it is recommended that the March patches for Microsoft be applied as soon as possible to workstation and server systems, following appropriate testing.