Microsoft Security Bulletin: May 10

Advisory overview

Qualys Vulnerability R&D Lab has released new vulnerability checks in the Qualys Cloud Platform to protect organizations against 57 vulnerabilities that were fixed in 16 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.

Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.

Vulnerability details

Microsoft has released 16 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:

Microsoft Windows Update for Microsoft Graphics Component (MS16-055)

Severity

Urgent 5

Qualys ID

91209

Vendor Reference

MS16-055

CVE Reference

CVE-2016-0168, CVE-2016-0169, CVE-2016-0170, CVE-2016-0184, CVE-2016-0195

CVSS Scores

Base 9.3 / Temporal 7.7

Description

This security update resolves vulnerabilities in Microsoft Windows. The security update addresses the vulnerabilities by correcting how the Windows GDI component and the Windows Imaging Component handle objects in memory.
This security update is rated Critical for all supported releases of Microsoft Windows.

Consequence

The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits a specially crafted website.

Solution

Refer to KB3156013 for more information. Refer to KB3156016 for more information. Refer to KB3156019 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-055 Windows 10 Version 1511 for 32-bit Systems
MS16-055 Windows 10 Version 1511 for x64-based Systems
MS16-055 Windows 10 for 32-bit Systems
MS16-055 Windows 10 for x64-based Systems
MS16-055 Windows 7 for 32-bit Systems Service Pack 1(KB3156013)
MS16-055 Windows 7 for 32-bit Systems Service Pack 1(KB3156016)
MS16-055 Windows 7 for 32-bit Systems Service Pack 1(KB3156019)
MS16-055 Windows 7 for x64-based Systems Service Pack 1(KB3156013)
MS16-055 Windows 7 for x64-based Systems Service Pack 1(KB3156016)
MS16-055 Windows 7 for x64-based Systems Service Pack 1(KB3156019)
MS16-055 Windows 8.1 for 32-bit Systems(KB3156013)
MS16-055 Windows 8.1 for 32-bit Systems(KB3156016)
MS16-055 Windows 8.1 for 32-bit Systems(KB3156019)
MS16-055 Windows 8.1 for x64-based Systems(KB3156013)
MS16-055 Windows 8.1 for x64-based Systems(KB3156016)
MS16-055 Windows 8.1 for x64-based Systems(KB3156019)
MS16-055 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(KB3156013)
MS16-055 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(KB3156016)
MS16-055 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(KB3156019)
MS16-055 Windows Server 2008 R2 for x64-based Systems Service Pack 1(KB3156013)
MS16-055 Windows Server 2008 R2 for x64-based Systems Service Pack 1(KB3156016)
MS16-055 Windows Server 2008 R2 for x64-based Systems Service Pack 1(KB3156019)
MS16-055 Windows Server 2008 for Itanium-based Systems Service Pack 2(KB3156013)
MS16-055 Windows Server 2008 for Itanium-based Systems Service Pack 2(KB3156019)
MS16-055 Windows Server 2008 for x64-based Systems Service Pack 2(KB3156013)
MS16-055 Windows Server 2008 for x64-based Systems Service Pack 2(KB3156016)
MS16-055 Windows Server 2008 for x64-based Systems Service Pack 2(KB3156019)
MS16-055 Windows Server 2012(KB3156013)
MS16-055 Windows Server 2012(KB3156016)
MS16-055 Windows Server 2012(KB3156019)
MS16-055 Windows Server 2012 R2(KB3156013)
MS16-055 Windows Server 2012 R2(KB3156016)
MS16-055 Windows Server 2012 R2(KB3156019)
MS16-055 Windows Vista Service Pack 2(KB3156013)
MS16-055 Windows Vista Service Pack 2(KB3156016)
MS16-055 Windows Vista Service Pack 2(KB3156019)
MS16-055 Windows Vista x64 Edition Service Pack 2(KB3156013)
MS16-055 Windows Vista x64 Edition Service Pack 2(KB3156016)
MS16-055 Windows Vista x64 Edition Service Pack 2(KB3156019)
Microsoft Windows Shell Remote Code Execution Vulnerability(MS16-057)

Severity

Critical 4

Qualys ID

91210

Vendor Reference

MS16-057

CVE Reference

CVE-2016-0179

CVSS Scores

Base 9.3 / Temporal 6.9

Description

This security update resolves a vulnerability in Microsoft Windows. The security update addresses the vulnerability by modifying how Windows Shell handles objects in memory.
This security update is rated Critical for all supported releases of Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.

Consequence

The vulnerability could allow remote code execution if an attacker successfully convinces a user to browse to a specially crafted website that accepts user-provided online content, or convinces a user to open specially crafted content.

Solution

Refer to MS16-057 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-057 Windows 10 Version 1511 for 32-bit Systems
MS16-057 Windows 10 Version 1511 for x64-based Systems
MS16-057 Windows 10 for 32-bit Systems
MS16-057 Windows 10 for x64-based Systems
MS16-057 Windows 8.1 for 32-bit Systems
MS16-057 Windows 8.1 for x64-based Systems
MS16-057 Windows Server 2012 R2
Microsoft Windows IIS Security Update (MS16-058)

Severity

Critical 4

Qualys ID

91215

Vendor Reference

MS16-058

CVE Reference

CVE-2016-0152

CVSS Scores

Base 7.2 / Temporal 5.3

Description

This security update resolves a Windows DLL Loading Remote Code Execution Vulnerability in Microsoft Windows.
A remote code execution vulnerability exists when Microsoft Windows fails to properly validate input before loading certain libraries.
This security update is rated Important for all supported editions of Windows Vista and Windows 2008.

Consequence

An attacker who successfully exploited this vulnerability could take control of an affected system.

Solution

Customers are advised to refer to Microsoft Advisory MS16-058 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-058 Windows Server 2008 for 32-bit Systems Service Pack 2
MS16-058 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS16-058 Windows Server 2008 for x64-based Systems Service Pack 2
MS16-058 Windows Vista Service Pack 2
MS16-058 Windows Vista x64 Edition Service Pack 2
Microsoft Windows .NET Framework Information Disclosure Vulnerability (MS16-065)

Severity

Critical 4

Qualys ID

91213

Vendor Reference

MS16-065

CVE Reference

CVE-2016-0149

CVSS Scores

Base 4.3 / Temporal 3.2

Description

An information disclosure vulnerability exists in the TLS/SSL protocol, implemented in the encryption component of Microsoft .NET Framework.
This security update is rated Important for Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, and Microsoft .NET Framework 4.6.1 on affected releases of Microsoft Windows.

Consequence

An attacker who successfully exploited this vulnerability can decrypt encrypted SSL/TLS traffic.

Solution

Customers are advised to view MS16-065 for instructions pertaining to the remediation of these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-065 Windows 10 Version 1511 for 32-bit Systems
MS16-065 Windows 10 Version 1511 for x64-based Systems
MS16-065 Windows 10 for 32-bit Systems
MS16-065 Windows 10 for x64-based Systems
MS16-065 Windows 7 for 32-bit Systems Service Pack 1(Microsoft .NET Framework 3.5.1)
MS16-065 Windows 7 for 32-bit Systems Service Pack 1(Microsoft .NET Framework 4.5.2)
MS16-065 Windows 7 for 32-bit Systems Service Pack 1(Microsoft .NET Framework 4.6/4.6.1)
MS16-065 Windows 7 for x64-based Systems Service Pack 1(Microsoft .NET Framework 3.5.1)
MS16-065 Windows 7 for x64-based Systems Service Pack 1(Microsoft .NET Framework 4.5.2)
MS16-065 Windows 7 for x64-based Systems Service Pack 1(Microsoft .NET Framework 4.6/4.6.1)
MS16-065 Windows 8.1 for 32-bit Systems(Microsoft .NET Framework 3.5)
MS16-065 Windows 8.1 for 32-bit Systems(Microsoft .NET Framework 4.5.2)
MS16-065 Windows 8.1 for 32-bit Systems(Microsoft .NET Framework 4.6/4.6.1)
MS16-065 Windows 8.1 for x64-based Systems(Microsoft .NET Framework 3.5)
MS16-065 Windows 8.1 for x64-based Systems(Microsoft .NET Framework 4.5.2)
MS16-065 Windows 8.1 for x64-based Systems(Microsoft .NET Framework 4.6/4.6.1)
MS16-065 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1(Microsoft .NET Framework 3.5.1)
MS16-065 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Microsoft .NET Framework 3.5.1)
MS16-065 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Microsoft .NET Framework 4.5.2)
MS16-065 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Microsoft .NET Framework 4.6/4.6.1)
MS16-065 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(Microsoft .NET Framework 3.5.1)
MS16-065 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(Microsoft .NET Framework 4.5.2)
MS16-065 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)(Microsoft .NET Framework 4.6/4.6.1)
MS16-065 Windows Server 2008 for 32-bit Systems Service Pack 2(Microsoft .NET Framework 2.0 Service Pack 2)
MS16-065 Windows Server 2008 for 32-bit Systems Service Pack 2(Microsoft .NET Framework 4.5.2)
MS16-065 Windows Server 2008 for 32-bit Systems Service Pack 2(Microsoft .NET Framework 4.6)
MS16-065 Windows Server 2008 for Itanium-based Systems Service Pack 2(Microsoft .NET Framework 2.0 Service Pack 2)
MS16-065 Windows Server 2008 for x64-based Systems Service Pack 2(Microsoft .NET Framework 2.0 Service Pack 2)
MS16-065 Windows Server 2008 for x64-based Systems Service Pack 2(Microsoft .NET Framework 4.5.2)
MS16-065 Windows Server 2008 for x64-based Systems Service Pack 2(Microsoft .NET Framework 4.6)
MS16-065 Windows Server 2012(Microsoft .NET Framework 3.5)
MS16-065 Windows Server 2012(Microsoft .NET Framework 4.5.2)
MS16-065 Windows Server 2012(Microsoft .NET Framework 4.6/4.6.1)
MS16-065 Windows Server 2012 (Server Core installation)(Microsoft .NET Framework 3.5)
MS16-065 Windows Server 2012 (Server Core installation)(Microsoft .NET Framework 4.5.2)
MS16-065 Windows Server 2012 (Server Core installation)(Microsoft .NET Framework 4.6/4.6.1)
MS16-065 Windows Server 2012 R2(Microsoft .NET Framework 3.5)
MS16-065 Windows Server 2012 R2(Microsoft .NET Framework 4.5.2)
MS16-065 Windows Server 2012 R2(Microsoft .NET Framework 4.6/4.6.1)
MS16-065 Windows Server 2012 R2 (Server Core installation)(Microsoft .NET Framework 3.5)
MS16-065 Windows Server 2012 R2 (Server Core installation)(Microsoft .NET Framework 4.5.2)
MS16-065 Windows Server 2012 R2 (Server Core installation)(Microsoft .NET Framework 4.6/4.6.1)
MS16-065 Windows Vista Service Pack 2(Microsoft .NET Framework 2.0 Service Pack 2)
MS16-065 Windows Vista Service Pack 2(Microsoft .NET Framework 4.5.2)
MS16-065 Windows Vista Service Pack 2(Microsoft .NET Framework 4.6)
MS16-065 Windows Vista x64 Edition Service Pack 2(Microsoft .NET Framework 2.0 Service Pack 2)
MS16-065 Windows Vista x64 Edition Service Pack 2(Microsoft .NET Framework 4.5.2)
MS16-065 Windows Vista x64 Edition Service Pack 2(Microsoft .NET Framework 4.6)
Microsoft Windows Virtual Secure Mode Feature Bypass Vulnerability (MS16-066)

Severity

Serious 3

Qualys ID

91212

Vendor Reference

MS16-066

CVE Reference

CVE-2016-0181

CVSS Scores

Base 2.1 / Temporal 1.6

Description

This security update resolves a vulnerability in Microsoft Windows. The update addresses the vulnerability by correcting the security feature behavior to preclude incorrect marking of RWX pages under HVCI.
This security update is rated Important for all supported editions of Microsoft Windows 10.

Consequence

The vulnerability could allow a security feature bypass if an attacker runs a specially crafted application to bypass code integrity protections in Windows.

Solution

Refer to MS16-066 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-066 Windows 10 Version 1511 for 32-bit Systems
MS16-066 Windows 10 Version 1511 for x64-based Systems
MS16-066 Windows 10 for 32-bit Systems
MS16-066 Windows 10 for x64-based Systems
Microsoft Windows Media Center Remote Code Execution Vulnerability (MS16-059)

Severity

Critical 4

Qualys ID

91216

Vendor Reference

MS16-059

CVE Reference

CVE-2016-0185

CVSS Scores

Base 9.3 / Temporal 7.7

Description

This security update resolves a vulnerability in Microsoft Windows.
A vulnerability exists in Windows Media Center that could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code.
This security update is rated Important for all supported editions of Windows Media Center when installed on Windows Vista, Windows 7 or Windows 8.1.

Consequence

An attacker who successfully exploited this vulnerability could take control of an affected system.

Solution

Customers are advised to refer to Microsoft Advisory MS16-059 for more details pertaining to this vulnerability. Workaround:
Remove the MCL file association.
Refer to the workaround section of Microsoft Security Bulletin MS16-059 for further details.

Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-059 Windows 7 for 32-bit Systems Service Pack 1(Windows Media Center)
MS16-059 Windows 7 for x64-based Systems Service Pack 1(Windows Media Center)
MS16-059 Windows 8.1 for 32-bit Systems(Windows Media Center)
MS16-059 Windows 8.1 for x64-based Systems(Windows Media Center)
MS16-059 Windows Vista Service Pack 2(Windows Media Center)
MS16-059 Windows Vista x64 Edition Service Pack 2(Windows Media Center)
Microsoft Windows Kernel Privilege Escalation Vulnerability (MS16-060)

Severity

Critical 4

Qualys ID

91211

Vendor Reference

MS16-060

CVE Reference

CVE-2016-0180

CVSS Scores

Base 7.2 / Temporal 5.3

Description

An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links.
This security update is rated Important for all supported editions of Windows Vista, Windows 7, Windows Server 2008.

Consequence

An attacker who successfully exploited this vulnerability could execute code with elevated privileges.

Solution

Customers are advised to refer to Microsoft Advisory MS16-060 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-060 Windows 10 Version 1511 for 32-bit Systems
MS16-060 Windows 10 Version 1511 for x64-based Systems
MS16-060 Windows 10 for 32-bit Systems
MS16-060 Windows 10 for x64-based Systems
MS16-060 Windows 7 for 32-bit Systems Service Pack 1
MS16-060 Windows 7 for x64-based Systems Service Pack 1
MS16-060 Windows 8.1 for 32-bit Systems
MS16-060 Windows 8.1 for x64-based Systems
MS16-060 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS16-060 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS16-060 Windows Server 2008 for 32-bit Systems Service Pack 2
MS16-060 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS16-060 Windows Server 2008 for x64-based Systems Service Pack 2
MS16-060 Windows Server 2012
MS16-060 Windows Server 2012 R2
MS16-060 Windows Vista Service Pack 2
MS16-060 Windows Vista x64 Edition Service Pack 2
Microsoft Windows Update for Microsoft RPC (MS16-061)

Severity

Critical 4

Qualys ID

91208

Vendor Reference

MS16-061

CVE Reference

CVE-2016-0178

CVSS Scores

Base 9 / Temporal 6.7

Description

An elevation of privilege vulnerability exists in the way that Microsoft Windows handles specially crafted Remote Procedure Call (RPC) requests. A privilege elevation can occur when the RPC Network Data Representation (NDR) Engine improperly frees memory.
The security update addresses the vulnerability by modifying the way that Microsoft Windows handles RPC messages.
This security update is rated Important for all supported releases of Microsoft Windows.

Consequence

An attacker who successfully exploited this vulnerability could execute arbitrary code and take control of an affected system.

Solution

Refer to MS16-061 for further information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-061 Windows 10 Version 1511 for 32-bit Systems
MS16-061 Windows 10 Version 1511 for x64-based Systems
MS16-061 Windows 10 for 32-bit Systems
MS16-061 Windows 10 for x64-based Systems
MS16-061 Windows 7 for 32-bit Systems Service Pack 1
MS16-061 Windows 7 for x64-based Systems Service Pack 1
MS16-061 Windows 8.1 for 32-bit Systems
MS16-061 Windows 8.1 for x64-based Systems
MS16-061 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS16-061 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS16-061 Windows Server 2008 for 32-bit Systems Service Pack 2
MS16-061 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS16-061 Windows Server 2008 for x64-based Systems Service Pack 2
MS16-061 Windows Server 2012
MS16-061 Windows Server 2012 R2
MS16-061 Windows Vista Service Pack 2
MS16-061 Windows Vista x64 Edition Service Pack 2
Microsoft Windows Journal Remote Code Execution Vulnerability (MS16-056)

Severity

Urgent 5

Qualys ID

91217

Vendor Reference

MS16-056

CVE Reference

CVE-2016-0182

CVSS Scores

Base 9.3 / Temporal 6.9

Description

A remote code execution vulnerability exists in Microsoft Windows when a specially crafted Journal file is opened in Windows Journal. An attacker who successfully exploited this vulnerability could cause arbitrary code to execute in the context of the current user.
The update addresses the vulnerability by modifying how Windows Journal parses Journal files.
This security update is rated Critical for all supported editions of Windows Vista, Windows 7, Windows 8.1, Windows RT 8.1, and Windows 10.

Consequence

An attacker who successfully exploited this vulnerability could cause arbitrary code to execute in the context of the current user.

Solution

Refer to MS16-056 for further information. Workaround:
- Do not open suspicious file attachments. - Remove the .jnt file type association
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-056 Windows 10 Version 1511 for 32-bit Systems
MS16-056 Windows 10 Version 1511 for x64-based Systems
MS16-056 Windows 10 for 32-bit Systems
MS16-056 Windows 10 for x64-based Systems
MS16-056 Windows 7 for 32-bit Systems Service Pack 1
MS16-056 Windows 7 for x64-based Systems Service Pack 1
MS16-056 Windows 8.1 for 32-bit Systems
MS16-056 Windows 8.1 for x64-based Systems
MS16-056 Windows Vista Service Pack 2
MS16-056 Windows Vista x64 Edition Service Pack 2
Microsoft JScript and VBScript Remote Code Execution Vulnerabilities (MS16-053)

Severity

Urgent 5

Qualys ID

91220

Vendor Reference

MS16-053

CVE Reference

CVE-2016-0187, CVE-2016-0189

CVSS Scores

Base 7.6 / Temporal 6.6

Description

This security update resolves a vulnerability in the VBScript scripting engine in Microsoft Windows.
A remote code execution vulnerability exists in the way that the VBScript engine renders when handling objects in memory in Internet Explorer. The update addresses the vulnerability by modifying how the VBScript scripting engine handles objects in memory.
This security update is rated Critical for affected versions of the VBScript scripting engine on supported editions of Windows Vista, Windows Server 2008, and Server Core installations of Windows Server 2008 R2.

Consequence

The vulnerability could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.

Solution

Please refer to MS16-053 for details.

Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-053 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Server Core installation only)(JScript 5.8 and VBScript 5.8)
MS16-053 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)(VBScript 5.7)
MS16-053 Windows Server 2008 for Itanium-based Systems Service Pack 2(VBScript 5.7)
MS16-053 Windows Server 2008 for x32-bit Systems Service Pack 2(VBScript 5.7)
MS16-053 Windows Server 2008 for x64-based Systems Service Pack 2(VBScript 5.7)
MS16-053 Windows Server 2008 for x64-based Systems Service Pack 2(Server Core installation only)(VBScript 5.7)
MS16-053 Windows Vista Service Pack 2(VBScript 5.7)
MS16-053 Windows Vista x64 Edition Service Pack 2(VBScript 5.7)
Microsoft Windows Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (MS16-064)

Severity

Urgent 5

Qualys ID

100283

Vendor Reference

MS16-064

CVE Reference

CVE-2016-1096, CVE-2016-1097, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1101, CVE-2016-1102, CVE-2016-1103, CVE-2016-1104, CVE-2016-1105, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, CVE-2016-4109, CVE-2016-4110, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4116

CVSS Scores

Base 7.6 / Temporal 6.3

Description

Microsoft released an update (MS16-050) for Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
The update addresses the vulnerabilities described in Adobe Security bulletin APSB16-02.
This security update is rated Critical for Adobe Flash Player in Internet Explorer 10, Internet Explorer 11 and Microsoft Edge.

Consequence

Successful exploitation of this vulnerability will allow an attacker to execute arbitrary code.

Solution

Customers are advised to view MS16-064 for instructions pertaining to the remediation of these vulnerabilities. Workaround:
- Prevent Adobe Flash Player from running
- Prevent Adobe Flash Player from running on Internet Explorer through Group Policy
- Prevent Adobe Flash Player from running in Office 2010 on affected systems
- Prevent ActiveX controls from running in Office 2007 and Office 2010
- Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones
- Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone
- Add sites that you trust to the Internet Explorer Trusted sites zone
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-064 Windows 8.1 for 32-bit Systems(Adobe Flash Player)
MS16-064 Windows 8.1 for x64-based Systems(Adobe Flash Player)
MS16-064 Windows Server 2012(Adobe Flash Player)
MS16-064 Windows Server 2012 R2(Adobe Flash Player)
Microsoft Cumulative Security Update for Internet Explorer (MS16-051)

Severity

Urgent 5

Qualys ID

100284

Vendor Reference

MS16-051

CVE Reference

CVE-2016-0187, CVE-2016-0188, CVE-2016-0189, CVE-2016-0192, CVE-2016-0194

CVSS Scores

Base 9.3 / Temporal 8.1

Description

Microsoft Internet Explorer is a graphical web browser developed by Microsoft and included as part of the Microsoft Windows operating systems.
This security update resolves multiple vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.
This security update is rated Critical for Internet Explorer 9 (IE 9), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers.

Consequence

The most severe vulnerabilities could allow remote code execution if a user views a specially crafted web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Solution

Customers are advised to refer to Microsoft Advisory MS16-051 for more details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-051 Windows 10 Version 1511 for 32-bit Systems
MS16-051 Windows 10 Version 1511 for x64-based Systems
MS16-051 Windows 10 for 32-bit Systems
MS16-051 Windows 10 for x64-based Systems
MS16-051 Windows 7 for 32-bit Systems Service Pack 1(Internet Explorer 11)
MS16-051 Windows 7 for x64-based Systems Service Pack 1(Internet Explorer 11)
MS16-051 Windows 8.1 for 32-bit Systems(Internet Explorer 11)
MS16-051 Windows 8.1 for x64-based Systems(Internet Explorer 11)
MS16-051 Windows Server 2008 R2 for x64-based Systems Service Pack 1(Internet Explorer 11)
MS16-051 Windows Server 2008 for 32-bit Systems Service Pack 2(Internet Explorer 9)
MS16-051 Windows Server 2008 for x64-based Systems Service Pack 2(Internet Explorer 9)
MS16-051 Windows Server 2012(Internet Explorer 10)
MS16-051 Windows Server 2012 R2(Internet Explorer 11)
MS16-051 Windows Vista Service Pack 2(Internet Explorer 9)
MS16-051 Windows Vista x64 Edition Service Pack 2(Internet Explorer 9)
Microsoft Edge Cumulative Security Update (MS16-052)

Severity

Critical 4

Qualys ID

91219

Vendor Reference

MS16-052

CVE Reference

CVE-2016-0186, CVE-2016-0191, CVE-2016-0192, CVE-2016-0193

CVSS Scores

Base 7.6 / Temporal 6.3

Description

Microsoft Edge is a web browser developed by Microsoft and included in the company's Windows 10 operating systems, replacing Internet Explorer as the default web browser on all device classes.
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow code execution with elevated privileges if a user views a specially crafted webpage using Microsoft Edge.
This security update is rated critical for Microsoft Edge on Windows 10.

Consequence

An attacker who has successfully exploited the vulnerabilities could gain the same user rights as the current user.

Solution

Customers are advised to refer to Microsoft Security Bulletin MS16-052 for details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-052 Windows 10 Version 1511 for 32-bit Systems
MS16-052 Windows 10 Version 1511 for x64-based Systems
MS16-052 Windows 10 for 32-bit Systems
MS16-052 Windows 10 for x64-based Systems
Microsoft Office Remote Code Execution Vulnerabilities (MS16-054)

Severity

Urgent 5

Qualys ID

110272

Vendor Reference

MS16-054

CVE Reference

CVE-2016-0126, CVE-2016-0140, CVE-2016-0183, CVE-2016-0198

CVSS Scores

Base 9.3 / Temporal 7.7

Description

Multiple remote code execution vulnerabilities exist in Microsoft Office software when the Office software fails to properly handle objects in memory.
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts.
Microsoft has released a security update that addresses the vulnerabilities by correcting how Office handles objects in memory, and by correcting how the Windows font library handles embedded fonts.
The security update is rated Critical for all support Office versions.

Consequence

An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system.

Solution

Refer to Microsoft Security Bulletin MS16-054 for further details. Workaround:
1) Use Microsoft Office File Block policy to prevent Office from opening RTF documents from unknown or untrusted sources
Impact of Workaround #1: Users who have configured the File Block policy and have not configured a special "exempt directory" will be unable to open documents saved in the RTF format.
2) Prevent Word from loading RTF files
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-054 Microsoft Office 2007 Service Pack 3
MS16-054 Microsoft Office 2007 Service Pack 3
MS16-054 Microsoft Office 2010 Service Pack 2 (32-bit editions)
MS16-054 Microsoft Office 2010 Service Pack 2 (32-bit editions)
MS16-054 Microsoft Office 2010 Service Pack 2 (32-bit editions)
MS16-054 Microsoft Office 2010 Service Pack 2 (64-bit editions)
MS16-054 Microsoft Office 2010 Service Pack 2 (64-bit editions)
MS16-054 Microsoft Office 2010 Service Pack 2 (64-bit editions)
MS16-054 Microsoft Office 2013 Service Pack 1 (32-bit editions)
MS16-054 Microsoft Office 2013 Service Pack 1 (64-bit editions)
MS16-054 Microsoft Office 2016 (32-bit edition)
MS16-054 Microsoft Office 2016 (64-bit edition)
MS16-054 Microsoft Office Compatibility Pack Service Pack 3
MS16-054 Microsoft Office Web Apps 2010 Service Pack 2
MS16-054 Microsoft Word 2007 Service Pack 3
MS16-054 Microsoft Word 2010 Service Pack 2 (32-bit editions)
MS16-054 Microsoft Word 2010 Service Pack 2 (64-bit editions)
MS16-054 Microsoft Word 2013 Service Pack 1 (32-bit editions)
MS16-054 Microsoft Word 2013 Service Pack 1 (64-bit editions)
MS16-054 Microsoft Word 2016 (32-bit edition)
MS16-054 Microsoft Word 2016 (64-bit edition)
MS16-054 Microsoft Word 2016 for Mac
MS16-054 Microsoft Word Viewer
MS16-054 Microsoft Word for Mac 2011
MS16-054 Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2
Microsoft Windows Kernel Mode Multiple Vulnerabilities (MS16-062)

Severity

Critical 4

Qualys ID

91218

Vendor Reference

MS16-062

CVE Reference

CVE-2016-0171, CVE-2016-0173, CVE-2016-0174, CVE-2016-0175, CVE-2016-0176, CVE-2016-0196, CVE-2016-0197

CVSS Scores

Base 7.2 / Temporal 6

Description

Multiple elevation of privilege vulnerabilities exist in Windows when the Windows kernel-mode driver fails to properly handle objects in memory.
A security feature bypass vulnerability exists in Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (KASLR) bypass.
An elevation of privilege vulnerability exists when the DirectX Graphics kernel subsystem (dxgkrnl.sys) improperly handles objects in memory.
An elevation of privilege vulnerability exists when Windows improperly handles objects in memory and incorrectly maps kernel memory.
The security update addresses the vulnerabilities by correcting how the Windows kernel-mode driver handles objects in memory, how the Windows kernel handles memory addresses and the way in which the Microsoft DirectX graphics kernel subsystem (dxgkrnl.sys) handles certain calls and escapes to preclude improper memory mapping and prevent unintended elevation from user-mode.
This security update is rated Important for all supported releases of Windows.

Consequence

The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application.

Solution

Refer to MS16-062 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-062 Windows 10 Version 1511 for 32-bit Systems
MS16-062 Windows 10 Version 1511 for x64-based Systems
MS16-062 Windows 10 for 32-bit Systems
MS16-062 Windows 10 for x64-based Systems
MS16-062 Windows 7 for 32-bit Systems Service Pack 1
MS16-062 Windows 7 for 32-bit Systems Service Pack 1
MS16-062 Windows 7 for x64-based Systems Service Pack 1
MS16-062 Windows 7 for x64-based Systems Service Pack 1
MS16-062 Windows 8.1 for 32-bit Systems
MS16-062 Windows 8.1 for 32-bit Systems
MS16-062 Windows 8.1 for x64-based Systems
MS16-062 Windows 8.1 for x64-based Systems
MS16-062 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS16-062 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS16-062 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS16-062 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS16-062 Windows Server 2008 for 32-bit Systems Service Pack 2
MS16-062 Windows Server 2008 for 32-bit Systems Service Pack 2
MS16-062 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS16-062 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS16-062 Windows Server 2008 for x64-based Systems Service Pack 2
MS16-062 Windows Server 2008 for x64-based Systems Service Pack 2
MS16-062 Windows Server 2012
MS16-062 Windows Server 2012
MS16-062 Windows Server 2012 R2
MS16-062 Windows Server 2012 R2
MS16-062 Windows Vista Service Pack 2
MS16-062 Windows Vista Service Pack 2
MS16-062 Windows Vista x64 Edition Service Pack 2
MS16-062 Windows Vista x64 Edition Service Pack 2
Microsoft Windows Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability (MS16-067)

Severity

Serious 3

Qualys ID

91214

Vendor Reference

MS16-067

CVE Reference

CVE-2016-0190

CVSS Scores

Base 2.1 / Temporal 1.6

Description

An information disclosure vulnerability exists in Microsoft Windows when a USB disk mounted over Remote Desktop Protocol (RDP) via Microsoft RemoteFX is not correctly tied to the session of the mounting user.
The security update addresses the vulnerability by ensuring that access to USB disks over RDP is correctly enforced to prevent non-mounting session access.
This security update is rated Important for all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows RT 8.1.

Consequence

An attacker who successfully exploited this vulnerability could obtain access to file and directory information on the mounting user's USB disk.

Solution

Refer to MS16-067 for further information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-067 Windows 8.1 for 32-bit Systems
MS16-067 Windows 8.1 for x64-based Systems
MS16-067 Windows Server 2012
MS16-067 Windows Server 2012 R2

These new vulnerability checks are included in Qualys vulnerability signature 2.3.309-4. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.

Selective Scan Instructions Using Qualys

To perform a selective vulnerability scan, configure a scan profile to use the following options:

Ensure access to TCP ports 135 and 139 are available.
Enable Windows Authentication (specify Authentication Records).
Enable the following Qualys IDs:
- 91209
- 91210
- 91215
- 91213
- 91212
- 91216
- 91211
- 91208
- 91217
- 91220
- 100283
- 100284
- 91219
- 110272
- 91218
- 91214
If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.

In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.

Access for Qualys Customers

Platforms and Platform Identification

Technical Support

For more information, customers may contact Qualys Technical Support.

About Qualys

The Qualys Cloud Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.

OVERVIEW

CAPABILITIES

PLATFORM APPS

ASSET MANAGEMENT

Vulnerability & Configuration Management

Risk REMEDIATION

Threat Detection and Response

Compliance

Cloud Security

Use Cases

Segments

RESOURCES

RESEARCH

Customers

Partners

Company

Overview

CAPABILITIES

Platform Apps

Use Cases

Segments

Resources

Research

Qualys Cloud Platform

Free Services

Platform Apps

Platform Apps

Platform Apps

Platform Apps

Platform Apps

Platform Apps

Microsoft security alert.

May 10, 2016

Advisory overview

Vulnerability details

Microsoft Windows Update for Microsoft Graphics Component (MS16-055)

Microsoft Windows Shell Remote Code Execution Vulnerability(MS16-057)

Microsoft Windows IIS Security Update (MS16-058)

Microsoft Windows .NET Framework Information Disclosure Vulnerability (MS16-065)

Microsoft Windows Virtual Secure Mode Feature Bypass Vulnerability (MS16-066)

Microsoft Windows Media Center Remote Code Execution Vulnerability (MS16-059)

Microsoft Windows Kernel Privilege Escalation Vulnerability (MS16-060)

Microsoft Windows Update for Microsoft RPC (MS16-061)

Microsoft Windows Journal Remote Code Execution Vulnerability (MS16-056)

Microsoft JScript and VBScript Remote Code Execution Vulnerabilities (MS16-053)

Microsoft Windows Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (MS16-064)

Microsoft Cumulative Security Update for Internet Explorer (MS16-051)

Microsoft Edge Cumulative Security Update (MS16-052)

Microsoft Office Remote Code Execution Vulnerabilities (MS16-054)

Microsoft Windows Kernel Mode Multiple Vulnerabilities (MS16-062)

Microsoft Windows Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability (MS16-067)

Selective Scan Instructions Using Qualys

Access for Qualys Customers

Technical Support

About Qualys