Wednesday, 9. November 2016

Patch Tuesday of November 2016: Six Critical Bulletins, Eight Important

November is the second-to-last Patch Tuesday of 2016, and it brings a slightly higher than typical number of bulletins: six Critical bulletins and eight Important bulletins. The 8th is the earliest date that Patch Tuesday can take place in a month; December’s Patch Tuesday (and the last of 2016) takes place in exactly five weeks. Among the items fixed today was the zero-day vulnerability in Windows that was used in the same attacks as the Adobe Flash Player zero-day in late October.

Of the Critical bulletins, two are the (expected) Internet Explorer and Microsoft Edge roll-up bulletins (MS16-142 and MS16-129, respectively). One bulletin (MS16-141) also covers the Flash zero-day, and updates the version of Flash included with supported versions of Edge/Internet Explorer.

The remaining three Critical bulletins cover flaws in various Microsoft Windows components. As is typically the case, the vulnerabilities fixed in these bulletins could allow an attacker to run their own arbitrary code on an affected system.

As we noted at the start, one of the bulletins released today patched a vulnerability (CVE-2016-7255) which was used in targeted attacks in late October. This was MS16-135, which addressed flaws in Windows Kernel-mode drivers. This vulnerability allowed for escalation of privileges; used together with the Flash vulnerability, it could allow an attacker to run code on a machine with administrator privileges and so take complete control of that machine.

Other highlights of the Important bulletins include MS16-133, which fixes various flaws in Microsoft Office; MS16-136, which does the same for Microsoft SQL Server; and MS16-137, which fixes issues with how Windows authenticates users.

In sync with Patch Tuesday, Adobe also released a routine update for Adobe Flash Player. APSB16-37 bumps the latest version of Flash to 23.0.0.207 for most users and fixes nine vulnerabilities.

We recommend that users update their installed software as soon as is practical for their organizations.

Trend Micro researchers took part in the discovery of the following vulnerabilities:


•  CVE-2016-7255 (MS16-135)


The following vulnerabilities were disclosed via Trend Micro’s Zero Day Initiative (ZDI):


•  CVE-2016-7202 (MS16-129)
•  CVE-2016-7215 (MS16-135)
•  CVE-2016-7246 (MS16-135)


Trend Micro Solutions

Trend Micro Deep Security and Vulnerability Protection protect user systems from any threats that may target these Microsoft vulnerabilities via the following DPI rules:


•  1007990-Microsoft Windows Multiple Security Vulnerabilities (MS16-134)
•  1008006-Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-7196)
•  1008007-Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-7198)
•  1008008-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7200)
•  1008009-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7201)
•  1008010-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7203)
•  1008011-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7242)
•  1008012-Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-7195)
•  1008013-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7202)
•  1008014-Microsoft Edge Information Disclosure Vulnerability (CVE-2016-7204)
•  1008015-Microsoft Internet Explorer And Edge Information Disclosure Vulnerability (CVE-2016-7227)
•  1008016-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7240)
•  1008017-Microsoft Internet Explorer And Edge Remote Code Execution Vulnerability (CVE-2016-7241)
•  1008018-Microsoft Office Memory Corruption Vulnerability (CVE-2016-7213)
•  1008019-Microsoft Office Memory Corruption Vulnerability (CVE-2016-7228)
•  1008020-Microsoft Office Memory Corruption Vulnerability (CVE-2016-7229)
•  1008021-Microsoft Office Memory Corruption Vulnerability (CVE-2016-7230)
•  1008022-Microsoft Office Memory Corruption Vulnerability (CVE-2016-7231)
•  1008023-Microsoft Office Memory Corruption Vulnerability (CVE-2016-7232)
•  1008024-Microsoft Office Information Disclosure Vulnerability (CVE-2016-7233)
•  1008025-Microsoft Office Memory Corruption Vulnerability (CVE-2016-7234)
•  1008026-Microsoft Office Memory Corruption Vulnerability (CVE-2016-7235)
•  1008027-Microsoft Office Memory Corruption Vulnerability (CVE-2016-7236)
•  1008029-Microsoft Windows Animation Manager Memory Corruption Vulnerability (CVE-2016-7205)
•  1008030-Microsoft Windows OpenType Font Information Disclosure Vulnerability (CVE-2016-7210)
•  1008031-Microsoft Windows Media Foundation Memory Corruption Vulnerability (CVE-2016-7217)
•  1008034-Microsoft Windows Multiple Security Vulnerabilities (MS16-135)
•  1008035-Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities (MS16-138)
•  1008036-Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2016-7256)


TippingPoint customers are protected from attacks exploiting these vulnerabilities with the following MainlineDV filters:


•  1008026-Microsoft Office Memory Corruption Vulnerability
•  1008019-Microsoft Office Memory Corruption Vulnerability
•  1008015-Microsoft Internet Explorer And Edge Information Disclosure Vulnerability
•  1008031-Microsoft Windows Media Foundation Memory Corruption Vulnerability
•  1008006-Microsoft Internet Explorer And Edge Memory Corruption Vulnerability
•  1008024-Microsoft Office Information Disclosure Vulnerability
•  1008010-Microsoft Edge Scripting Engine Memory Corruption Vulnerability
•  1008009-Microsoft Edge Scripting Engine Memory Corruption Vulnerability
•  1008008-Microsoft Edge Scripting Engine Memory Corruption Vulnerability
•  1008013-Microsoft Edge Scripting Engine Memory Corruption Vulnerability
•  1008025-Microsoft Office Memory Corruption Vulnerability
•  1008017-Microsoft Internet Explorer And Edge Remote Code Execution Vulnerability
•  1008016-Microsoft Edge Scripting Engine Memory Corruption Vulnerability
•  1008023-Microsoft Office Memory Corruption Vulnerability
•  1008014-Microsoft Edge Information Disclosure Vulnerability
•  1008021-Microsoft Office Memory Corruption Vulnerability
•  1008036-Microsoft Windows OpenType Font Parsing Vulnerability
•  1008029-Microsoft Windows Animation Manager Memory Corruption Vulnerability
•  1007990-Microsoft Windows Multiple Security Vulnerabilities
•  1008007-Microsoft Internet Explorer And Edge Memory Corruption Vulnerability
•  1008022-Microsoft Office Memory Corruption Vulnerability
•  1008027-Microsoft Office Memory Corruption Vulnerability
•  1008011-Microsoft Edge Scripting Engine Memory Corruption Vulnerability
•  1008035-Microsoft Windows Multiple Elevation Of Privilege Vulnerabilities
•  1008034-Microsoft Windows Multiple Security Vulnerabilities
•  1008018-Microsoft Office Memory Corruption Vulnerability
•  1008012-Microsoft Internet Explorer And Edge Memory Corruption Vulnerability
•  1008020-Microsoft Office Memory Corruption Vulnerability
•  1008030-Microsoft Windows OpenType Font Information Disclosure Vulnerability


Update as of November 9, 2016 6:00AM (UTC -8):

Updated to include TippingPoint MainlineDV filters.

Post from: Trendlabs Security Intelligence Blog - by Trend Micro