Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 48 vulnerabilities that were fixed in 10 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Microsoft has released 10 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
This security update is rated Critical on the following client operating systems: Microsoft Windows Vista, Windows 7, Windows 8.1, Windows RT 8.1, and Windows 10.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-122 Windows 10 Version 1511 for 32-bit Systems
MS16-122 Windows 10 Version 1511 for x64-based Systems
MS16-122 Windows 10 Version 1607 for 32-bit Systems
MS16-122 Windows 10 Version 1607 for x64-based Systems
MS16-122 Windows 10 for 32-bit Systems
MS16-122 Windows 10 for x64-based Systems
MS16-122 Windows 7 for 32-bit Systems Service Pack 1
MS16-122 Windows 7 for 32-bit Systems Service Pack 1
MS16-122 Windows 7 for x64-based Systems Service Pack 1
MS16-122 Windows 7 for x64-based Systems Service Pack 1
MS16-122 Windows 8.1 for 32-bit Systems
MS16-122 Windows 8.1 for 32-bit Systems
MS16-122 Windows 8.1 for x64-based Systems
MS16-122 Windows 8.1 for x64-based Systems
MS16-122 Windows Vista Service Pack 2
MS16-122 Windows Vista x64 Edition Service Pack 2
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-121 Microsoft Office 2010 Service Pack 2 (32-bit editions)
MS16-121 Microsoft Office 2010 Service Pack 2 (64-bit editions)
MS16-121 Microsoft Office Compatibility Pack Service Pack 3
MS16-121 Microsoft Office Web Apps 2010 Service Pack 2
MS16-121 Microsoft Office Web Apps Server 2013 Service Pack 1
MS16-121 Microsoft Word 2007 Service Pack 3
MS16-121 Microsoft Word 2010 Service Pack 2 (32-bit editions)
MS16-121 Microsoft Word 2010 Service Pack 2 (64-bit editions)
MS16-121 Microsoft Word 2013 Service Pack 1 (32-bit editions)
MS16-121 Microsoft Word 2013 Service Pack 1 (64-bit editions)
MS16-121 Microsoft Word 2016 (32-bit edition)
MS16-121 Microsoft Word 2016 (64-bit edition)
MS16-121 Microsoft Word 2016 for Mac
MS16-121 Microsoft Word Viewer
MS16-121 Microsoft Word for Mac 2011
MS16-121 Office Online Server
MS16-121 Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2
MS16-121 Word Automation Services on Microsoft SharePoint Server 2013 Service Pack 1
The update addresses the vulnerabilities by correcting how Internet Explorer handles:
- objects in memory
- namespace boundaries
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-118 Windows 10 Version 1511 for 32-bit Systems
MS16-118 Windows 10 Version 1511 for x64-based Systems
MS16-118 Windows 10 Version 1607 for 32-bit Systems
MS16-118 Windows 10 Version 1607 for x64-based Systems
MS16-118 Windows 10 for 32-bit Systems
MS16-118 Windows 10 for x64-based Systems
MS16-118 Windows 7 for 32-bit Systems Service Pack 1 Monthly Roll-Up (Internet Explorer 11)
MS16-118 Windows 7 for 32-bit Systems Service Pack 1 Security Only (Internet Explorer 11)
MS16-118 Windows 7 for x64-based Systems Service Pack 1 Monthly Roll-Up (Internet Explorer 11)
MS16-118 Windows 7 for x64-based Systems Service Pack 1 Security Only (Internet Explorer 11)
MS16-118 Windows 8.1 for 32-bit Systems Security Only (Internet Explorer 11)
MS16-118 Windows 8.1 for 32-bit Systems Monthly Roll-Up (Internet Explorer 11)
MS16-118 Windows 8.1 for x64-based Systems Monthly Roll-Up (Internet Explorer 11)
MS16-118 Windows 8.1 for x64-based Systems Security Only (Internet Explorer 11)
MS16-118 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Monthly Roll-Up (Internet Explorer 11)
MS16-118 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Security Only (Internet Explorer 11)
MS16-118 Windows Server 2008 for 32-bit Systems Service Pack 2 (Internet Explorer 9)
MS16-118 Windows Server 2008 for x64-based Systems Service Pack 2 (Internet Explorer 9)
MS16-118 Windows Server 2012 Monthly Roll-Up (Internet Explorer 10)
MS16-118 Windows Server 2012 Security Only (Internet Explorer 10)
MS16-118 Windows Server 2012 R2 Monthly Roll-Up (Internet Explorer 11)
MS16-118 Windows Server 2012 R2 Security Only (Internet Explorer 11)
MS16-118 Windows Vista Service Pack 2 (Internet Explorer 9)
MS16-118 Windows Vista x64 Edition Service Pack 2 (Internet Explorer 9)
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-119 Windows 10 Version 1511 for 32-bit Systems
MS16-119 Windows 10 Version 1511 for x64-based Systems
MS16-119 Windows 10 Version 1607 for 32-bit Systems
MS16-119 Windows 10 Version 1607 for x64-based Systems
MS16-119 Windows 10 for 32-bit Systems
MS16-119 Windows 10 for x64-based Systems
- A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts.
- Multiple information disclosure vulnerabilities exist in the way that the Windows Graphics Device Interface (GDI) handles objects in memory.
- An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory.
- An elevation of privilege vulnerability exists in Windows when the Windows kernel fails to properly handle objects in memory.
This security update is rated Critical for all supported releases of Microsoft Windows. This security update is rated Important for affected editions of Microsoft Office 2007 and Microsoft Office 2010; affected editions of Skype for Business 2016, Microsoft Lync 2013, and Microsoft Lync 2010; affected editions of Microsoft .NET Framework; and affected editions of Silverlight.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-120 Microsoft Live Meeting 2007 Console
MS16-120 Microsoft Lync 2010
MS16-120 Microsoft Lync 2010
MS16-120 Microsoft Lync 2010 Attendee
MS16-120 Microsoft Lync 2010 Attendee
MS16-120 Microsoft Lync 2013 Service Pack 1
MS16-120 Microsoft Lync 2013 Service Pack 1
MS16-120 Microsoft Lync Basic 2013 Service Pack 1
MS16-120 Microsoft Lync Basic 2013 Service Pack 1
MS16-120 Microsoft Office 2007 Service Pack 3
MS16-120 Microsoft Office 2010 Service Pack 2 (32-bit editions)
MS16-120 Microsoft Office 2010 Service Pack 2 (64-bit editions)
MS16-120 Microsoft Silverlight 5
MS16-120 Microsoft Silverlight 5 Developer Runtime
MS16-120 Microsoft Word Viewer
MS16-120 Skype for Business 2016
MS16-120 Skype for Business 2016
MS16-120 Skype for Business Basic 2016
MS16-120 Skype for Business Basic 2016
MS16-120 Windows 10 Version 1511 for 32-bit Systems
MS16-120 Windows 10 Version 1511 for x64-based Systems
MS16-120 Windows 10 Version 1607 for 32-bit Systems
MS16-120 Windows 10 Version 1607 for x64-based Systems
MS16-120 Windows 10 for 32-bit Systems
MS16-120 Windows 10 for x64-based Systems
MS16-120 Windows 7 for 32-bit Systems Service Pack 1 (Microsoft .NET Framework 3.5.1)
MS16-120 Windows 7 for 32-bit Systems Service Pack 1
MS16-120 Windows 7 for 32-bit Systems Service Pack 1
MS16-120 Windows 7 for x64-based Systems Service Pack 1 (Microsoft .NET Framework 3.5.1)
MS16-120 Windows 7 for x64-based Systems Service Pack 1
MS16-120 Windows 7 for x64-based Systems Service Pack 1
MS16-120 Windows 8.1 for 32-bit Systems (Microsoft .NET Framework 3.5)
MS16-120 Windows 8.1 for 32-bit Systems
MS16-120 Windows 8.1 for 32-bit Systems
MS16-120 Windows 8.1 for x64-based Systems (Microsoft .NET Framework 3.5)
MS16-120 Windows 8.1 for x64-based Systems
MS16-120 Windows 8.1 for x64-based Systems
MS16-120 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 (Microsoft .NET Framework 3.5.1)
MS16-120 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS16-120 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS16-120 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Microsoft .NET Framework 3.5.1)
MS16-120 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS16-120 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS16-120 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (Microsoft .NET Framework 3.5.1)
MS16-120 Windows Server 2008 for 32-bit Systems Service Pack 2 (Microsoft .NET Framework 3.0 Service Pack 2)
MS16-120 Windows Server 2008 for 32-bit Systems Service Pack 2 (Microsoft .NET Framework 4.5.2)
MS16-120 Windows Server 2008 for 32-bit Systems Service Pack 2 (Microsoft .NET Framework 4.6)
MS16-120 Windows Server 2008 for 32-bit Systems Service Pack 2
MS16-120 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS16-120 Windows Server 2008 for x64-based Systems Service Pack 2 (Microsoft .NET Framework 3.0 Service Pack 2)
MS16-120 Windows Server 2008 for x64-based Systems Service Pack 2 (Microsoft .NET Framework 4.5.2)
MS16-120 Windows Server 2008 for x64-based Systems Service Pack 2 (Microsoft .NET Framework 4.6)
MS16-120 Windows Server 2008 for x64-based Systems Service Pack 2
MS16-120 Windows Server 2012 (Microsoft .NET Framework 3.5)
MS16-120 Windows Server 2012
MS16-120 Windows Server 2012
MS16-120 Windows Server 2012 (Server Core installation) (Microsoft .NET Framework 3.5)
MS16-120 Windows Server 2012 R2 (Microsoft .NET Framework 3.5)
MS16-120 Windows Server 2012 R2
MS16-120 Windows Server 2012 R2
MS16-120 Windows Server 2012 R2 (Server Core installation) (Microsoft .NET Framework 3.5)
MS16-120 Windows Vista Service Pack 2 (Microsoft .NET Framework 3.0 Service Pack 2)
MS16-120 Windows Vista Service Pack 2 (Microsoft .NET Framework 4.5.2)
MS16-120 Windows Vista Service Pack 2 (Microsoft .NET Framework 4.6)
MS16-120 Windows Vista Service Pack 2
MS16-120 Windows Vista x64 Edition Service Pack 2 (Microsoft .NET Framework 3.0 Service Pack 2)
MS16-120 Windows Vista x64 Edition Service Pack 2 (Microsoft .NET Framework 4.5.2)
MS16-120 Windows Vista x64 Edition Service Pack 2 (Microsoft .NET Framework 4.6)
MS16-120 Windows Vista x64 Edition Service Pack 2
This security update is rated Important for all supported releases of Windows.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-123 Windows 10 Version 1511 for 32-bit Systems
MS16-123 Windows 10 Version 1511 for x64-based Systems
MS16-123 Windows 10 Version 1607 for 32-bit Systems
MS16-123 Windows 10 Version 1607 for x64-based Systems
MS16-123 Windows 10 for 32-bit Systems
MS16-123 Windows 10 for x64-based Systems
MS16-123 Windows 7 for 32-bit Systems Service Pack 1
MS16-123 Windows 7 for 32-bit Systems Service Pack 1
MS16-123 Windows 7 for x64-based Systems Service Pack 1
MS16-123 Windows 7 for x64-based Systems Service Pack 1
MS16-123 Windows 8.1 for 32-bit Systems
MS16-123 Windows 8.1 for 32-bit Systems
MS16-123 Windows 8.1 for x64-based Systems
MS16-123 Windows 8.1 for x64-based Systems
MS16-123 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS16-123 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS16-123 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS16-123 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS16-123 Windows Server 2008 for 32-bit Systems Service Pack 2
MS16-123 Windows Server 2008 for 32-bit Systems Service Pack 2
MS16-123 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS16-123 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS16-123 Windows Server 2008 for x64-based Systems Service Pack 2
MS16-123 Windows Server 2008 for x64-based Systems Service Pack 2
MS16-123 Windows Server 2012
MS16-123 Windows Server 2012
MS16-123 Windows Server 2012 R2
MS16-123 Windows Server 2012 R2
MS16-123 Windows Vista Service Pack 2
MS16-123 Windows Vista Service Pack 2
MS16-123 Windows Vista x64 Edition Service Pack 2
MS16-123 Windows Vista x64 Edition Service Pack 2
Microsoft released a security update to correct how the kernel API restricts access to this information.
This security update is rated Important for all supported releases of Microsoft Windows.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-124 Windows 10 Version 1511 for 32-bit Systems
MS16-124 Windows 10 Version 1511 for x64-based Systems
MS16-124 Windows 10 Version 1607 for 32-bit Systems
MS16-124 Windows 10 Version 1607 for x64-based Systems
MS16-124 Windows 10 for 32-bit Systems
MS16-124 Windows 10 for x64-based Systems
MS16-124 Windows 7 for 32-bit Systems Service Pack 1
MS16-124 Windows 7 for 32-bit Systems Service Pack 1
MS16-124 Windows 7 for x64-based Systems Service Pack 1
MS16-124 Windows 7 for x64-based Systems Service Pack 1
MS16-124 Windows 8.1 for 32-bit Systems
MS16-124 Windows 8.1 for 32-bit Systems
MS16-124 Windows 8.1 for x64-based Systems
MS16-124 Windows 8.1 for x64-based Systems
MS16-124 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS16-124 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS16-124 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS16-124 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS16-124 Windows Server 2008 for 32-bit Systems Service Pack 2
MS16-124 Windows Server 2008 for 32-bit Systems Service Pack 2
MS16-124 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS16-124 Windows Server 2008 for x64-based Systems Service Pack 2
MS16-124 Windows Server 2008 for x64-based Systems Service Pack 2
MS16-124 Windows Server 2012
MS16-124 Windows Server 2012
MS16-124 Windows Server 2012 R2
MS16-124 Windows Server 2012 R2
MS16-124 Windows Vista Service Pack 2
MS16-124 Windows Vista x64 Edition Service Pack 2
The security update addresses the vulnerability by correcting how the Windows Diagnostics Hub Standard Collector Service sanitizes input, to help preclude unintended elevated system privileges.
This security update is rated Important for all supported editions of Windows 10.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-125 Windows 10 Version 1511 for 32-bit Systems
MS16-125 Windows 10 Version 1511 for x64-based Systems
MS16-125 Windows 10 Version 1607 for 32-bit Systems
MS16-125 Windows 10 Version 1607 for x64-based Systems
MS16-125 Windows 10 for 32-bit Systems
MS16-125 Windows 10 for x64-based Systems
The update addresses the vulnerability by changing the way the Microsoft Internet Messaging API handles objects in memory.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-126 Windows 7 for 32-bit Systems Service Pack 1
MS16-126 Windows 7 for 32-bit Systems Service Pack 1
MS16-126 Windows 7 for x64-based Systems Service Pack 1
MS16-126 Windows 7 for x64-based Systems Service Pack 1
MS16-126 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS16-126 Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
MS16-126 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS16-126 Windows Server 2008 R2 for x64-based Systems Service Pack 1
MS16-126 Windows Server 2008 for 32-bit Systems Service Pack 2
MS16-126 Windows Server 2008 for Itanium-based Systems Service Pack 2
MS16-126 Windows Server 2008 for x64-based Systems Service Pack 2
MS16-126 Windows Vista Service Pack 2
MS16-126 Windows Vista x64 Edition Service Pack 2
The update addresses the vulnerabilities described in Adobe Security bulletin APSB16-32.
This security update is rated Critical for Adobe Flash Player in Internet Explorer 10, Internet Explorer 11 and Microsoft Edge.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-127 Windows 8.1 for 32-bit Systems (Adobe Flash Player)
MS16-127 Windows 8.1 for x64-based Systems (Adobe Flash Player)
MS16-127 Windows Server 2012 (Adobe Flash Player)
MS16-127 Windows Server 2012 R2 (Adobe Flash Player)
These new vulnerability checks are included in Qualys vulnerability signature 2.3.449-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
To perform a selective vulnerability scan, configure a scan profile to use the following options:
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Platforms and Platform Identification
For more information, customers may contact Qualys Technical Support.
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provide organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.