Microsoft security alert.
April 12, 2016
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 39 vulnerabilities that were fixed in 13 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 13 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Microsoft Security Update for XML Core Services (MS16-040)
- Severity
- Critical 4
- Qualys ID
- 124885
- Vendor Reference
- MS16-040
- CVE Reference
- CVE-2016-0147
- CVSS Scores
- Base 9.3 / Temporal 6.9
- Description
-
A remote code execution vulnerability exists when the Microsoft XML Core Services (MSXML) parser processes user input.
The update addresses the vulnerability by correcting how the MSXML parser processes user input.
This security update is rated Critical for Microsoft XML Core Services 3.0 on all supported releases of Microsoft Windows.
- Consequence
- The vulnerability could allow an attacker to run malicious code remotely to take control of the user's system.
- Solution
-
Refer to Microsoft Security Bulletin MS16-040 for further details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-040 Windows 10 Version 1511 for 32-bit Systems
MS16-040 Windows 10 Version 1511 for x64-based Systems
MS16-040 Windows 10 for 32-bit Systems
MS16-040 Windows 10 for x64-based Systems
MS16-040 Windows 7 for 32-bit Systems Service Pack 1(Microsoft XML Core Services 3.0)
MS16-040 Windows 7 for x64-based Systems Service Pack 1(Microsoft XML Core Services 3.0)
MS16-040 Windows 8.1 for 32-bit Systems(Microsoft XML Core Services 3.0)
MS16-040 Windows 8.1 for x64-based Systems(Microsoft XML Core Services 3.0)
MS16-040 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(Microsoft XML Core Services 3.0)
MS16-040 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Microsoft XML Core Services 3.0)
MS16-040 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(Microsoft XML Core Services 3.0)
MS16-040 Windows Server 2008 for 32-bit Systems Service Pack 2(Microsoft XML Core Services 3.0)
MS16-040 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)(Microsoft XML Core Services 3.0)
MS16-040 Windows Server 2008 for Itanium-based Systems Service Pack 2(Microsoft XML Core Services 3.0)
MS16-040 Windows Server 2008 for x64-based Systems Service Pack 2(Microsoft XML Core Services 3.0)
MS16-040 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)(Microsoft XML Core Services 3.0)
MS16-040 Windows Server 2012(Microsoft XML Core Services 3.0)
MS16-040 Windows Server 2012 (Server Core installation)(Microsoft XML Core Services 3.0)
MS16-040 Windows Server 2012 R2(Microsoft XML Core Services 3.0)
MS16-040 Windows Server 2012 R2 (Server Core installation)(Microsoft XML Core Services 3.0)
MS16-040 Windows Vista Service Pack 2(Microsoft XML Core Services 3.0)
MS16-040 Windows Vista x64 Edition Service Pack 2(Microsoft XML Core Services 3.0)
-
Microsoft Cumulative Security Update for Internet Explorer (MS16-037)
- Severity
- Critical 4
- Qualys ID
- 100281
- Vendor Reference
- MS16-037
- CVE Reference
- CVE-2016-0154, CVE-2016-0159, CVE-2016-0160, CVE-2016-0162, CVE-2016-0164, CVE-2016-0166
- CVSS Scores
- Base 7.6 / Temporal 6.3
- Description
-
Microsoft Internet Explorer is a graphical web browser developed by Microsoft and included as part of the Microsoft Windows operating systems.
This security update resolves multiple vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
This security update is rated Critical for Internet Explorer 9 (IE 9), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers.
- Consequence
- The most severe vulnerabilities could allow remote code execution if a user views a specially crafted web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
- Solution
-
Customers are advised to refer to Microsoft Advisory MS16-037 for more details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-037 Windows 10 Version 1511 for 32-bit Systems
MS16-037 Windows 10 Version 1511 for x64-based Systems
MS16-037 Windows 10 for 32-bit Systems
MS16-037 Windows 10 for x64-based Systems
MS16-037 Windows 7 for 32-bit Systems Service Pack 1(Internet Explorer 11)
MS16-037 Windows 7 for x64-based Systems Service Pack 1(Internet Explorer 11)
MS16-037 Windows 8.1 for 32-bit Systems(Internet Explorer 11)
MS16-037 Windows 8.1 for x64-based Systems(Internet Explorer 11)
MS16-037 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Internet Explorer 11)
MS16-037 Windows Server 2008 for 32-bit Systems Service Pack 2(Internet Explorer 9)
MS16-037 Windows Server 2008 for x64-based Systems Service Pack 2(Internet Explorer 9)
MS16-037 Windows Server 2012(Internet Explorer 10)
MS16-037 Windows Server 2012 R2(Internet Explorer 11)
MS16-037 Windows Vista Service Pack 2(Internet Explorer 9)
MS16-037 Windows Vista x64 Edition Service Pack 2(Internet Explorer 9)
-
Microsoft Edge Cumulative Security Update (MS16-038)
- Severity
- Critical 4
- Qualys ID
- 91202
- Vendor Reference
- MS16-038
- CVE Reference
- CVE-2016-0154, CVE-2016-0155, CVE-2016-0156, CVE-2016-0157, CVE-2016-0158, CVE-2016-0161
- CVSS Scores
- Base 7.6 / Temporal 6.3
- Description
-
Microsoft Edge is a web browser developed by Microsoft and included in the company's Windows 10 operating systems, replacing Internet Explorer as the default web browser on all device classes.
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow code execution with elevated privileges if a user views a specially crafted webpage using Microsoft Edge.
This security update is rated Critical for Microsoft Edge on Windows 10.
- Consequence
- An attacker who has successfully exploited the vulnerabilities could gain the same user rights as the current user.
- Solution
-
Customers are advised to refer to Microsoft Security Bulletin MS16-038 for details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-038 Windows 10 Version 1511 for 32-bit Systems
MS16-038 Windows 10 Version 1511 for x64-based Systems
MS16-038 Windows 10 for 32-bit Systems
MS16-038 Windows 10 for x64-based Systems
-
Microsoft Windows Graphics Component Security Update (MS16-039)
- Severity
- Urgent 5
- Qualys ID
- 91204
- Vendor Reference
- MS16-039
- CVE Reference
- CVE-2016-0143, CVE-2016-0145, CVE-2016-0165, CVE-2016-0167
- CVSS Scores
- Base 9.3 / Temporal 8.1
- Description
-
- Elevation of privilege vulnerabilities exist when the Windows kernel-mode driver fails to properly handle objects in memory.
- A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts.
This security update is rated Critical for all supported releases of Microsoft Windows, affected versions of Microsoft .NET Framework, affected editions of Skype for Business 2016, Microsoft Lync 2013 and Microsoft Office 2010.
This security update is rated Important for all affected editions of Microsoft Office 2007 and Microsoft Office 2010.
- Consequence
- Successful exploitation allows an attacker to execute arbitrary code.
- Solution
-
Customers are advised to refer to Microsoft Advisory MS16-039 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-039 Microsoft Live Meeting 2007 Console
MS16-039 Microsoft Lync 2010
MS16-039 Microsoft Lync 2010
MS16-039 Microsoft Lync 2010 Attendee
MS16-039 Microsoft Lync 2010 Attendee
MS16-039 Microsoft Lync 2013 Service Pack 1
MS16-039 Microsoft Lync 2013 Service Pack 1
MS16-039 Microsoft Lync Basic 2013 Service Pack 1
MS16-039 Microsoft Lync Basic 2013 Service Pack 1
MS16-039 Microsoft Office 2007 Service Pack 3
MS16-039 Microsoft Office 2010 Service Pack 2 (32-bit editions)
MS16-039 Microsoft Office 2010 Service Pack 2 (64-bit editions)
MS16-039 Microsoft Word Viewer
MS16-039 Skype for Business 2016
MS16-039 Skype for Business 2016
MS16-039 Skype for Business Basic 2016
MS16-039 Skype for Business Basic 2016
MS16-039 Windows 10 Version 1511 for 32-bit Systems
MS16-039 Windows 10 Version 1511 for x64-based Systems
MS16-039 Windows 10 for 32-bit Systems
MS16-039 Windows 10 for 64-bit Systems
MS16-039 Windows 10 for x64-based Systems
MS16-039 Windows 7 for 32-bit Systems Service Pack 1(Microsoft .NET Framework 3.5.1)
MS16-039 Windows 7 for 32-bit Systems Service Pack 1
MS16-039 Windows 7 for x64-based Systems Service Pack 1(Microsoft .NET Framework 3.5.1)
MS16-039 Windows 7 for x64-based Systems Service Pack 1
MS16-039 Windows 8.1 for 32-bit Systems(Microsoft .NET Framework 3.5)
MS16-039 Windows 8.1 for 32-bit Systems
MS16-039 Windows 8.1 for x64-based Systems(Microsoft .NET Framework 3.5)
MS16-039 Windows 8.1 for x64-based Systems
MS16-039 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS16-039 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Microsoft .NET Framework 3.5.1)
MS16-039 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS16-039 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(Microsoft .NET Framework 3.5.1)
MS16-039 Windows Server 2008 for 32-bit Systems Service Pack 2(Microsoft .NET Framework 3.0 Service Pack 2)
MS16-039 Windows Server 2008 for 32-bit Systems Service Pack 2
MS16-039 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS16-039 Windows Server 2008 for x64-based Systems Service Pack 2(Microsoft .NET Framework 3.0 Service Pack 2)
MS16-039 Windows Server 2008 for x64-based Systems Service Pack 2
MS16-039 Windows Server 2012(Microsoft .NET Framework 3.5)
MS16-039 Windows Server 2012
MS16-039 Windows Server 2012 (Server Core installation)(Microsoft .NET Framework 3.5)
MS16-039 Windows Server 2012 R2(Microsoft .NET Framework 3.5)
MS16-039 Windows Server 2012 R2
MS16-039 Windows Server 2012 R2 (Server Core installation)(Microsoft .NET Framework 3.5)
MS16-039 Windows Vista Service Pack 2(Microsoft .NET Framework 3.0 Service Pack 2)
MS16-039 Windows Vista Service Pack 2
MS16-039 Windows Vista x64 Edition Service Pack 2(Microsoft .NET Framework 3.0 Service Pack 2)
MS16-039 Windows Vista x64 Edition Service Pack 2
-
Microsoft .NET Framework Remote Code Execution Vulnerability (MS16-041)
- Severity
- Critical 4
- Qualys ID
- 91201
- Vendor Reference
- MS16-041
- CVE Reference
- CVE-2016-0148
- CVSS Scores
- Base 7.2 / Temporal 5.3
- Description
-
The Microsoft .NET Framework is a software framework for computers running Microsoft Windows operating systems.
A remote code execution vulnerability exists when Microsoft .NET Framework fails to properly validate input before loading libraries. An attacker who successfully exploited this vulnerability could take control of an affected system.
The security update addresses the vulnerability by correcting how .NET validates input on library load. This security update is rated Important for Microsoft .NET Framework 4.6 and Microsoft .NET Framework 4.6.1 on affected releases of Microsoft Windows.
- Consequence
- The more severe of the vulnerabilities could cause remote code execution if an attacker with access to the local system executes a malicious application.
- Solution
-
Refer to MS16-041 for further information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-041 Windows 7 for 32-bit Systems Service Pack 1(Microsoft .NET Framework 4.6/4.6.1)
MS16-041 Windows 7 for x64-based Systems Service Pack 1(Microsoft .NET Framework 4.6/4.6.1)
MS16-041 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Microsoft .NET Framework 4.6/4.6.1)
MS16-041 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(Microsoft .NET Framework 4.6/4.6.1)
MS16-041 Windows Server 2008 for 32-bit Systems Service Pack 2(Microsoft .NET Framework 4.6)
MS16-041 Windows Server 2008 for x64-based Systems Service Pack 2(Microsoft .NET Framework 4.6)
MS16-041 Windows Vista Service Pack 2(Microsoft .NET Framework 4.6)
MS16-041 Windows Vista x64 Edition Service Pack 2(Microsoft .NET Framework 4.6)
-
Microsoft Office Remote Code Execution Vulnerabilities (MS16-042)
- Severity
- Urgent 5
- Qualys ID
- 110271
- Vendor Reference
- MS16-042
- CVE Reference
- CVE-2016-0122, CVE-2016-0127, CVE-2016-0136, CVE-2016-0139
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
-
Multiple remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory.
Exploitation of the vulnerabilities requires that a user open a specially crafted file with an affected version of Microsoft Office software.
Microsoft has released a security update that addresses the vulnerabilities by correcting how Office handles objects in memory.
- Consequence
- This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
- Solution
-
Refer to Microsoft Security Bulletin MS16-042 for further details.
Workaround:
1) Use Microsoft Office File Block policy to prevent Office from opening RTF documents from unknown or untrusted sources.
Impact of Workaround #1: Users who have configured the File Block policy and have not configured a special "exempt directory" will be unable to open documents saved in the RTF format.
2) Use Microsoft Office File Block policy to prevent Office from opening Office 2003 (Excel binary files) and earlier documents from unknown or untrusted sources and locations.
Impact of Workaround #2: Users who have configured the File Block policy and have not configured a special "exempt directory" will be unable to open documents saved in the Office 2003 or older file formats.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-042 Excel Services on Microsoft SharePoint Server 2007 Service Pack 3 (32-bit editions)
MS16-042 Excel Services on Microsoft SharePoint Server 2007 Service Pack 3 (64-bit editions)
MS16-042 Excel Services on Microsoft SharePoint Server 2010 Service Pack 2
MS16-042 Microsoft Excel 2007 Service Pack 3
MS16-042 Microsoft Excel 2010 Service Pack 2 (32-bit editions)
MS16-042 Microsoft Excel 2010 Service Pack 2 (64-bit editions)
MS16-042 Microsoft Excel 2013 Service Pack 1 (32-bit editions)
MS16-042 Microsoft Excel 2013 Service Pack 1 (64-bit editions)
MS16-042 Microsoft Excel 2016 (32-bit edition)
MS16-042 Microsoft Excel 2016 (64-bit edition)
MS16-042 Microsoft Excel Viewer
MS16-042 Microsoft Office 2010 Service Pack 2 (32-bit editions)
MS16-042 Microsoft Office 2010 Service Pack 2 (64-bit editions)
MS16-042 Microsoft Office Compatibility Pack Service Pack 3
MS16-042 Microsoft Office Compatibility Pack Service Pack 3
MS16-042 Microsoft Office Web Apps 2010 Service Pack 2
MS16-042 Microsoft Office Web Apps Server 2013 Service Pack 1
MS16-042 Microsoft Word 2007 Service Pack 3
MS16-042 Microsoft Word 2010 Service Pack 2 (32-bit editions)
MS16-042 Microsoft Word 2010 Service Pack 2 (64-bit editions)
MS16-042 Microsoft Word 2013 Service Pack 1 (32-bit editions)
MS16-042 Microsoft Word 2013 Service Pack 1 (64-bit editions)
MS16-042 Microsoft Word 2016 for Mac
MS16-042 Microsoft Word Viewer
MS16-042 Microsoft Word for Mac 2011
MS16-042 Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2
MS16-042 Word Automation Services on Microsoft SharePoint Server 2013 Service Pack 1
-
Microsoft Windows OLE Remote Code Execution Vulnerability (MS16-044)
- Severity
- Critical 4
- Qualys ID
- 91198
- Vendor Reference
- MS16-044
- CVE Reference
- CVE-2016-0153
- CVSS Scores
- Base 9.3 / Temporal 6.9
- Description
-
A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input. An attacker could exploit the vulnerability to execute malicious code.
The security update addresses the vulnerability by correcting how Windows OLE validates user input.
This security update is rated Important for all supported editions of Microsoft Windows, except for Windows 10.
- Consequence
- An attacker could exploit the vulnerability to execute malicious code. However, an attacker must first convince a user to open either a specially crafted file or a program from either a webpage or an email message. The update addresses the vulnerability by correcting how Windows OLE validates user input.
- Solution
-
Refer to MS16-044 for further information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-044 Windows 7 for 32-bit Systems Service Pack 1
MS16-044 Windows 7 for x64-based Systems Service Pack 1
MS16-044 Windows 8.1 for 32-bit Systems
MS16-044 Windows 8.1 for x64-based Systems
MS16-044 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS16-044 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS16-044 Windows Server 2008 for 32-bit Systems Service Pack 2
MS16-044 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS16-044 Windows Server 2008 for x64-based Systems Service Pack 2
MS16-044 Windows Server 2012
MS16-044 Windows Server 2012 R2
MS16-044 Windows Vista Service Pack 2
MS16-044 Windows Vista x64 Edition Service Pack 2
-
Microsoft Windows Security Update for Hyper-V (MS16-045)
- Severity
- Critical 4
- Qualys ID
- 91200
- Vendor Reference
- MS16-045
- CVE Reference
- CVE-2016-0088, CVE-2016-0089, CVE-2016-0090
- CVSS Scores
- Base 7.2 / Temporal 5.3
- Description
-
Hyper-V is a hypervisor-based technology.
The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code. Information disclosure vulnerabilities exist when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system.
The security update addresses the vulnerabilities by correcting how Hyper-V validates guest operating system user input. This security update is rated Important for all supported editions of Windows 8.1 for x64-based Systems, Windows Server 2012, Windows Server 2012 R2, and Windows 10 for x64-based Systems.
- Consequence
- An attacker who successfully exploited the vulnerability could execute arbitrary code or gain access to information on the Hyper-V host operating system.
- Solution
-
Refer to Microsoft Security Bulletin MS16-045 for details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-045 Windows 10 for x64-based Systems
MS16-045 Windows 8.1 for x64-based Systems
MS16-045 Windows Server 2012
MS16-045 Windows Server 2012 R2
-
Microsoft Windows Security Update for Secondary Logon (MS16-046)
- Severity
- Critical 4
- Qualys ID
- 91203
- Vendor Reference
- MS16-046
- CVE Reference
- CVE-2016-0135
- CVSS Scores
- Base 7.2 / Temporal 5.3
- Description
-
An elevation of privilege vulnerability exists in Microsoft Windows when the Windows Secondary Logon Service fails to properly manage requests in memory. The security update addresses the vulnerability by correcting how Windows Secondary Logon Service handles requests in memory.
This security update is rated Important for all supported editions of Windows 10.
- Consequence
- An attacker who successfully exploits this vulnerability could run arbitrary code as an administrator. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Solution
-
Customers are advised to refer to Microsoft Advisory MS16-046 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-046 Windows 10 Version 1511 for 32-bit Systems
MS16-046 Windows 10 Version 1511 for 32-bit Systems
MS16-046 Windows 10 for 32-bit Systems
MS16-046 Windows 10 for x64-based Systems
-
Microsoft Windows Security Update for SAM and LSAD Remote Protocols (MS16-047) (BADLOCK)
- Severity
- Serious 3
- Qualys ID
- 91199
- Vendor Reference
- MS16-047
- CVE Reference
- CVE-2016-0128
- CVSS Scores
- Base 5.8 / Temporal 4.8
- Description
-
An elevation of privilege vulnerability exists in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) remote protocols when they accept authentication levels that do not protect the RPC channel adequately. The vulnerability is caused by the way the SAM and LSAD remote protocols establish the Remote Procedure Call (RPC) channel.
The security update addresses the vulnerability by modifying how the SAM and LSAD remote protocols handle authentication levels.
This security update is rated Important for all supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
- Consequence
- The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack.
- Solution
-
Refer to Microsoft Security Bulletin MS16-047 for further details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-047 Windows 10 Version 1511 for 32-bit Systems
MS16-047 Windows 10 Version 1511 for x64-based Systems
MS16-047 Windows 10 for 32-bit Systems
MS16-047 Windows 10 for x64-based Systems
MS16-047 Windows 7 for 32-bit Systems Service Pack 1
MS16-047 Windows 7 for x64-based Systems Service Pack 1
MS16-047 Windows 8.1 for 32-bit Systems
MS16-047 Windows 8.1 for x64-based Systems
MS16-047 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS16-047 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS16-047 Windows Server 2008 for 32-bit Systems Service Pack 2
MS16-047 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS16-047 Windows Server 2008 for x64-based Systems Service Pack 2
MS16-047 Windows Server 2012
MS16-047 Windows Server 2012 R2
MS16-047 Windows Vista Service Pack 2
MS16-047 Windows Vista x64 Edition Service Pack 2
-
Microsoft Windows Client/Server Runtime Subsystem (CSRSS) Security Feature Bypass Vulnerability (MS16-048)
- Severity
- Critical 4
- Qualys ID
- 91205
- Vendor Reference
- MS16-048
- CVE Reference
- CVE-2016-0151
- CVSS Scores
- Base 7.2 / Temporal 6
- Description
-
Microsoft CSRSS (Client/Server Runtime Subsystem) is an essential Windows subsystem. CSRSS is responsible for console windows and for creating and/or deleting threads.
A security feature bypass vulnerability exists in the CSRSS component, which does not properly manage process tokens in memory.
This security update is rated Important for all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1 and Windows 10.
- Consequence
-
This issue can be exploited by malicious, local users to gain escalated privileges.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
- Solution
-
Customers are advised to view MS16-048 for instructions pertaining to the remediation of these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-048 Windows 10 Version 1511 for 32-bit Systems
MS16-048 Windows 10 Version 1511 for x64-based Systems
MS16-048 Windows 10 for 32-bit Systems
MS16-048 Windows 10 for x64-based Systems
MS16-048 Windows 8.1 for 32-bit Systems
MS16-048 Windows 8.1 for x64-based Systems
MS16-048 Windows Server 2012
MS16-048 Windows Server 2012 R2
-
Microsoft Windows HTTP.sys Denial of Service Vulnerability (MS16-049)
- Severity
- Critical 4
- Qualys ID
- 91197
- Vendor Reference
- MS16-049
- CVE Reference
- CVE-2016-0150
- CVSS Scores
- Base 7.8 / Temporal 5.8
- Description
-
A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests.
To exploit this vulnerability, an attacker could send a specially crafted HTTP packet to a target system, causing the affected system to become non-responsive.
Microsoft has released an update that addresses the vulnerability by modifying how the Windows HTTP protocol stack handles HTTP 2.0 requests.
This security update is rated Important for all supported editions of Microsoft Windows 10.
- Consequence
- The vulnerability could allow denial of service if an attacker sends a specially crafted HTTP packet to a target system.
- Solution
-
Refer to Microsoft Security Bulletin MS16-049 for further details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-049 Windows 10 Version 1511 for 32-bit Systems
MS16-049 Windows 10 Version 1511 for x64-based Systems
MS16-049 Windows 10 for 32-bit Systems
MS16-049 Windows 10 for x64-based Systems
-
Microsoft Windows Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (MS16-050 and KB3154132)
- Severity
- Urgent 5
- Qualys ID
- 100282
- Vendor Reference
- MS16-050
- CVE Reference
- CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018, CVE-2016-1019
- CVSS Scores
- Base 10 / Temporal 8.7
- Description
-
Microsoft released an update (MS16-050) for Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
The update addresses the vulnerabilities described in Adobe Security bulletin APSB16-10.
This security update is rated Critical for Adobe Flash Player in Internet Explorer 10, Internet Explorer 11 and Microsoft Edge.
- Consequence
- Successful exploitation of this vulnerability will allow an attacker to execute arbitrary code; failed exploits may result in denial of service.
- Solution
-
Customers are advised to view MS16-050 for instructions pertaining to the remediation of these vulnerabilities.
Workaround:
- Prevent Adobe Flash Player from running
- Prevent Adobe Flash Player from running on Internet Explorer through Group Policy
- Prevent Adobe Flash Player from running in Office 2010 on affected systems
- Prevent ActiveX controls from running in Office 2007 and Office 2010
- Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones
- Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone
- Add sites that you trust to the Internet Explorer Trusted sites zone
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-050 Windows 8.1 for 32-bit Systems(Adobe Flash Player)
MS16-050 Windows 8.1 for x64-based Systems(Adobe Flash Player)
MS16-050 Windows Server 2012(Adobe Flash Player)
MS16-050 Windows Server 2012 R2(Adobe Flash Player)
These new vulnerability checks are included in Qualys vulnerability signature 2.3.281-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 124885
- 100281
- 91202
- 91204
- 91201
- 110271
- 91198
- 91200
- 91203
- 91199
- 91205
- 91197
- 100282
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.