Wednesday, 10. August 2016

August Patch Tuesday: Nine Bulletins, Five Rated Critical

The second Tuesday of August has arrived, which means one thing for Microsoft users: Patch Tuesday. August’s batch of patches is relatively light, with only nine bulletins, although five are rated as Critical.

The Critical vulnerabilities cover flaws in Internet Explorer (MS16-095), Microsoft Edge (MS16-096), Microsoft Office (MS16-099), and two other Windows components (MS16-097, MS16-102). The flaws in the browsers allow for arbitrary code execution if a malicious website is opened; the others allow for code execution if documents (including Microsoft Office files and PDF files) are opened. Of the remaining four bulletins, three are information disclosure flaws while the fourth allows for Secure Boot to be bypassed.

While Adobe also released their patches on the second Tuesday of the month, in a welcome development for users, neither Acrobat/Reader nor Flash Player received security updates as part of this cycle. Adobe plans no security updates for these products for the rest of the month.

The following vulnerabilities were disclosed via Trend Micro’s Zero Day Initiative (ZDI):


•  CVE-2016-3289 (MS16-095, MS16-096) (ZDI-16-454)
•  CVE-2016-3308 (MS16-098) (ZDI-16-453)
•  CVE-2016-3309 (MS16-098) (ZDI-16-449)
•  CVE-2016-3318 (MS16-099) (ZDI-16-451)
•  CVE-2016-3322 (MS16-095, MS16-096) (ZDI-16-450)
•  CVE-2016-3326 (MS16-095, MS16-096) (ZDI-16-452)


Trend Micro solutions

Trend Micro Deep Security and Vulnerability Protection protect user systems from any threats that may target these Microsoft vulnerabilities via the following DPI rules:


•  1007873—Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3288)
•  1007874—Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-3289)
•  1007875—Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3290)
•  1007876—Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-3293)
•  1007877—Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-3322)
•  1007878—Microsoft Internet Explorer And Edge Information Disclosure Vulnerability (CVE-2016-3326)
•  1007879—Microsoft Internet Explorer And Edge Information Disclosure Vulnerability (CVE-2016-3327)
•  1007880—Microsoft PDF Remote Code Execution Vulnerability (CVE-2016-3319)
•  1007881—Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2016-3301)
•  1007882—Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2016-3303)
•  1007883—Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2016-3304)
•  1007884—Microsoft Office Memory Corruption Vulnerability (CVE-2016-3313)
•  1007885—Microsoft Office Memory Corruption Vulnerability (CVE-2016-3316)
•  1007886—Microsoft Office Memory Corruption Vulnerability (CVE-2016-3317)
•  1007887—Microsoft Graphics Component Memory Corruption Vulnerability (CVE-2016-3318)
•  1007896—Microsoft Internet Explorer Information Disclosure Vulnerability Over WebDAV (CVE-2016-3321)
•  1007897—Microsoft Internet Explorer Information Disclosure Vulnerability Over SMB (CVE-2016-3321)


TippingPoint customers are protected from attacks exploiting these vulnerabilities with the following MainlineDV filters:


•  28779: HTTP: Microsoft Windows GDI Memory Corruption Vulnerability
•  28780: HTTP: Microsoft Windows GDI Integer Overflow Vulnerability
•  28781: HTTP: Microsoft Windows EmrText Buffer Overflow Vulnerability
•  28782: HTTP: Microsoft Windows win32kfull Privilege Escalation Vulnerability (ZDI-16-453)
•  28783: HTTP: Microsoft Windows gdi32 Privilege Escalation Vulnerability (ZDI-16-449)
•  28784: HTTP: Microsoft Windows gdi32 Privilege Escalation Vulnerability
•  28785: HTTP: Microsoft Windows win32kfull Privilege Escalation Vulnerability
•  28794: HTTP: Microsoft Internet Explorer FileReader Memory Corruption Vulnerability
•  28795: HTTP: Microsoft Internet Explorer CTreePos Type Confusion Vulnerability
•  28796: HTTP: Microsoft Internet Explorer and Edge UNC Information Disclosure Vulnerability
•  28797: HTTP: Microsoft Internet Explorer and Edge iertutil.dll Use-After-Free Vulnerability
•  28798: HTTP: Microsoft Edge PDF Memory Corruption Vulnerability
•  28799: HTTP: Microsoft Office mso.dll Information Disclosure Vulnerability
•  28804: HTTP: Microsoft Internet Explorer and Edge History Memory Corruption Vulnerability
•  28805: HTTP: Microsoft Office wwlib.dll Margin Information Disclosure Vulnerability
•  28806: HTTP: Microsoft Word RTF Information Disclosure Vulnerability
•  28808: HTTP: Microsoft Internet Explorer iframe Information Disclosure Vulnerability


Post from: Trendlabs Security Intelligence Blog - by Trend Micro
