Microsoft security alert.
December 13, 2016
Advisory overview
Qualys Vulnerability R&D Lab has released new vulnerability checks in the Enterprise TruRisk Platform to protect organizations against 59 vulnerabilities that were fixed in 12 bulletins announced today by Microsoft. Customers can immediately audit their networks for these and other new vulnerabilities by accessing their Qualys subscription. Visit Qualys Security Blog to prioritize remediation.
Non-Qualys customers can audit their network for these and other vulnerabilities by signing up for a Qualys Free Trial, or by trying Qualys Community Edition.
Vulnerability details
Microsoft has released 12 security bulletins to fix newly discovered flaws in their software. Qualys has released the following checks for these new vulnerabilities:
-
Windows Secure Kernel Mode Elevation of Privileges Vulnerability (MS16-150)
- Severity
- Critical 4
- Qualys ID
- 91313
- Vendor Reference
- MS16-150
- CVE Reference
- CVE-2016-7271
- CVSS Scores
- Base 4.6 / Temporal 3.4
- Description
-
The Windows kernel is the core of the operating system. It provides system-level services such as device management and memory management, allocates processor time to processes, and manages error handling.
The security update resolves an elevation of privilege vulnerability when the Windows Secure Kernel Mode fails to properly handle objects in memory.
This security update is rated Important for Microsoft Windows 10 and Windows Server 2016.
- Consequence
-
This vulnerability could allow elevation of privileges if an attacker logs on to a system and runs a specially crafted application.
An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.
- Solution
-
Customers are advised to refer to MS16-150 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-150 Windows 10
MS16-150 Windows 10 version 1511
MS16-150 Windows 10 version 1607
MS16-150 Windows Server 2016
-
Microsoft Cumulative Security Update for Windows (MS16-149)
- Severity
- Critical 4
- Qualys ID
- 91319
- Vendor Reference
- MS16-149
- CVE Reference
- CVE-2016-7219, CVE-2016-7292
- CVSS Scores
- Base 7.2 / Temporal 5.3
- Description
-
Microsoft has released a cumulative security update for Windows. The security update is rated Important for all affected Operating Systems.
Microsoft has addressed the vulnerabilities by fixing:
1) How a Windows Crypto Driver handles objects in memory.
2) The input sanitization error which allowed privilege escalation.
- Consequence
-
The vulnerabilities addressed in the update may allow a locally authenticated attacker to elevate privileges by running a specially crafted application.
- Solution
-
Customers are advised to view MS16-149 for instructions pertaining to the remediation of these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-149 WES09 and POSReady 2009
MS16-149 Windows
MS16-149 Windows 10
MS16-149 Windows 10 Version 1511
MS16-149 Windows 10 Version 1511 for x64-based Systems
MS16-149 Windows 10 Version 1607
MS16-149 Windows 10 Version 1607 for x64-based Systems
MS16-149 Windows 10 for x64-based Systems
MS16-149 Windows 7
MS16-149 Windows 7 Monthly Roll-Up
MS16-149 Windows 7 for x64-based Systems
MS16-149 Windows 7 for x64-based Systems Monthly Roll-Up
MS16-149 Windows 8.1
MS16-149 Windows 8.1 Monthly Roll-Up
MS16-149 Windows 8.1 for x64-based Systems
MS16-149 Windows 8.1 for x64-based Systems Monthly Roll-Up
MS16-149 Windows Embedded 8 Standard
MS16-149 Windows Embedded 8 Standard Monthly Roll-Up
MS16-149 Windows Embedded 8 Standard for x64-based Systems
MS16-149 Windows Embedded 8 Standard for x64-based Systems Monthly Roll-Up
MS16-149 Windows Embedded Standard 7
MS16-149 Windows Embedded Standard 7 Monthly Roll-Up
MS16-149 Windows Embedded Standard 7 for x64-based Systems
MS16-149 Windows Embedded Standard 7 for x64-based Systems Monthly Roll-Up
MS16-149 Windows Server 2008
MS16-149 Windows Server 2008
MS16-149 Windows Server 2008 R2 for Itanium-based Systems
MS16-149 Windows Server 2008 R2 for Itanium-based Systems Monthly Roll-Up
MS16-149 Windows Server 2008 R2 for x64-based Systems
MS16-149 Windows Server 2008 R2 for x64-based Systems Monthly Roll-Up
MS16-149 Windows Server 2008 for Itanium-based Systems
MS16-149 Windows Server 2008 for Itanium-based Systems
MS16-149 Windows Server 2008 for x64-based Systems
MS16-149 Windows Server 2008 x64 Edition
MS16-149 Windows Server 2012
MS16-149 Windows Server 2012 Monthly Roll-Up
MS16-149 Windows Server 2012 R2
MS16-149 Windows Server 2012 R2 Monthly Roll-Up
MS16-149 Windows Server 2016 for x64-based Systems
MS16-149 Windows Vista
MS16-149 Windows Vista
MS16-149 Windows Vista for x64-based Systems
MS16-149 Windows Vista for x64-based Systems
-
Microsoft Cumulative Security Update for Internet Explorer (MS16-144)
- Severity
- Urgent 5
- Qualys ID
- 100302
- Vendor Reference
- MS16-144
- CVE Reference
- CVE-2016-7202, CVE-2016-7278, CVE-2016-7279, CVE-2016-7281, CVE-2016-7282, CVE-2016-7283, CVE-2016-7284, CVE-2016-7287
- CVSS Scores
- Base 9.3 / Temporal 8.1
- Description
-
Internet Explorer is a web browser developed by Microsoft which is included in Microsoft Windows Operating Systems.
Microsoft has released a Cumulative Security Update for Internet Explorer which addresses various vulnerabilities found in Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10) and Internet Explorer 11 (IE 11). The security update is rated Critical for Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10) and Internet Explorer 11 (IE 11) on affected Windows Clients and Moderate on affected Windows Servers.
The security update addresses the vulnerabilities by fixing:
1) How Internet Explorer modifies objects in memory.
2) How Same Origin Policy is checked for scripts running in Web Workers.
3) How the scripting engines handle objects in memory.
- Consequence
-
The vulnerabilities addressed in the update could allow an attacker to obtain information that would help the attacker to further compromise the target. An attacker could host a malicious website or compromise a website to exploit the vulnerabilities. The attacker can gain the same privileges as the user and, depending on the situation, can then view, modify or delete data as well as create new accounts with full user privileges.
- Solution
-
For more information, customers are advised to refer to the official advisory from Microsoft (MS16-144).
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-144 Windows 10 Version 1511 for 32-bit Systems
MS16-144 Windows 10 Version 1511 for x64-based Systems
MS16-144 Windows 10 Version 1607 for 32-bit Systems
MS16-144 Windows 10 Version 1607 for x64-based Systems
MS16-144 Windows 10 for 32-bit Systems
MS16-144 Windows 10 for x64-based Systems
MS16-144 Windows 7 for 32-bit Systems Service Pack 1 Monthly Rollup (Internet Explorer 11)
MS16-144 Windows 7 for 32-bit Systems Service Pack 1 Security Only (Internet Explorer 11)
MS16-144 Windows 7 for x64-based Systems Service Pack 1 Monthly Rollup (Internet Explorer 11)
MS16-144 Windows 7 for x64-based Systems Service Pack 1 Security Only (Internet Explorer 11)
MS16-144 Windows 8.1 for 32-bit Systems Security Only (Internet Explorer 11)
MS16-144 Windows 8.1 for 32-bit Systems Monthly Rollup (Internet Explorer 11)
MS16-144 Windows 8.1 for x64-based Systems Monthly Rollup (Internet Explorer 11)
MS16-144 Windows 8.1 for x64-based Systems Security Only (Internet Explorer 11)
MS16-144 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Monthly Rollup (Internet Explorer 11)
MS16-144 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Security Only (Internet Explorer 11)
MS16-144 Windows Server 2008 for 32-bit Systems Service Pack 2 (Internet Explorer 9)
MS16-144 Windows Server 2008 for 32-bit Systems Service Pack 2 (Microsoft Windows Hyperlink Object Library)
MS16-144 Windows Server 2008 for x64-based Systems Service Pack 2 (Internet Explorer 9)
MS16-144 Windows Server 2008 for x64-based Systems Service Pack 2 (Microsoft Windows Hyperlink Object Library)
MS16-144 Windows Server 2012 R2 Monthly Rollup (Internet Explorer 11)
MS16-144 Windows Server 2012 R2 Security Only (Internet Explorer 11)
MS16-144 Windows Server 2012 Monthly Rollup (Internet Explorer 10)
MS16-144 Windows Server 2012 Security Only (Internet Explorer 10)
MS16-144 Windows Server 2016 for x64-based Systems
MS16-144 Windows Vista Service Pack 2 (Internet Explorer 9)
MS16-144 Windows Vista Service Pack 2 (Microsoft Windows Hyperlink Object Library)
MS16-144 Windows Vista x64 Edition Service Pack 2 (Internet Explorer 9)
MS16-144 Windows Vista x64 Edition Service Pack 2 (Microsoft Windows Hyperlink Object Library)
-
Microsoft Edge Cumulative Security Update (MS16-145)
- Severity
- Serious 3
- Qualys ID
- 91316
- Vendor Reference
- MS16-145
- CVE Reference
- CVE-2016-7181, CVE-2016-7206, CVE-2016-7279, CVE-2016-7280, CVE-2016-7281, CVE-2016-7282, CVE-2016-7286, CVE-2016-7287, CVE-2016-7288, CVE-2016-7296, CVE-2016-7297
- CVSS Scores
- Base 7.6 / Temporal 6.6
- Description
-
Microsoft has rated this update as Critical for Microsoft Edge on Windows 10.
The update patches the vulnerabilities by:
Addressing how the browser handles objects in memory and how it applies Same Origin Policy for scripts running inside Web Workers.
Adding checks to the scripting engine when it handles objects in memory.
- Consequence
-
The most severe of the vulnerabilities could allow an attacker to perform remote code execution by corrupting browser memory or the scripting engine memory. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user and bypass security features.
- Solution
-
Customers are advised to refer to Microsoft Security Bulletin MS16-145 for details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-145 Windows 10 Version 1511 for 32-bit Systems
MS16-145 Windows 10 Version 1511 for x64-based Systems
MS16-145 Windows 10 Version 1607 for 32-bit Systems
MS16-145 Windows 10 Version 1607 for x64-based Systems
MS16-145 Windows 10 for 32-bit Systems
MS16-145 Windows 10 for x64-based Systems
MS16-145 Windows Server 2016 for x64-based Systems
-
Microsoft Windows Graphics Component Multiple Vulnerabilities (MS16-146)
- Severity
- Urgent 5
- Qualys ID
- 91312
- Vendor Reference
- MS16-146
- CVE Reference
- CVE-2016-7257, CVE-2016-7272, CVE-2016-7273
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
-
Microsoft Windows Graphics Component is prone to multiple vulnerabilities that could lead to information disclosure or remote code execution.
The security update addresses the vulnerabilities by correcting how:
- The Windows Graphics component handles objects in the memory.
- The Windows GDI component handles objects in memory.
This security update is rated Critical for all supported releases of Microsoft Windows.
- Consequence
- The most severe of the vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document.
- Solution
-
Refer to MS16-146 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-146 Windows
-
Windows Uniscribe Remote Code Execution Vulnerability (MS16-147)
- Severity
- Urgent 5
- Qualys ID
- 91311
- Vendor Reference
- MS16-147
- CVE Reference
- CVE-2016-7274
- CVSS Scores
- Base 9.3 / Temporal 7.3
- Description
-
A remote code execution vulnerability exists in Windows due to the way Windows Uniscribe handles objects in the memory.
This security update addresses the vulnerability by correcting how Windows Uniscribe handles objects in memory.
This security update is rated Critical for all supported releases of Microsoft Windows.
- Consequence
- The vulnerability could allow remote code execution if a user visits a specially crafted website or opens a specially crafted document.
- Solution
-
For more information, customers are advised to refer to the official advisory from Microsoft (MS16-147).
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-147 Windows
-
Microsoft Office Remote Code Execution Vulnerabilities (MS16-148)
- Severity
- Critical 4
- Qualys ID
- 110292
- Vendor Reference
- MS16-148
- CVE Reference
- CVE-2016-7257, CVE-2016-7262, CVE-2016-7263, CVE-2016-7264, CVE-2016-7265, CVE-2016-7266, CVE-2016-7267, CVE-2016-7268, CVE-2016-7275, CVE-2016-7276, CVE-2016-7277, CVE-2016-7289, CVE-2016-7290, CVE-2016-7291, CVE-2016-7298, CVE-2016-7300
- CVSS Scores
- Base 9.3 / Temporal 7.7
- Description
-
This security update resolves vulnerabilities in Microsoft Office.
The security update addresses the vulnerabilities by correcting how:
- Microsoft Office initializes variables.
- Microsoft Office validates input.
- Microsoft Office rechecks registry values.
- Microsoft Office parses file formats.
- Affected versions of Office and Office components handle objects in memory.
- Microsoft Office for Mac AutoUpdate validates packages.
- Consequence
- The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user.
- Solution
-
Refer to MS16-148 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-148 Excel Services on Microsoft SharePoint Server 2007 Service Pack 3 (32-bit edition)
MS16-148 Excel Services on Microsoft SharePoint Server 2007 Service Pack 3 (64-bit edition)
MS16-148 Excel Services on Microsoft SharePoint Server 2010 Service Pack 2
MS16-148 Microsoft Excel 2007 Service Pack 3
MS16-148 Microsoft Excel 2010 Service Pack 2 (32-bit editions)
MS16-148 Microsoft Excel 2010 Service Pack 2 (64-bit editions)
MS16-148 Microsoft Excel 2013 Service Pack 1 (32-bit editions)
MS16-148 Microsoft Excel 2013 Service Pack 1 (64-bit editions)
MS16-148 Microsoft Excel 2016 (32-bit edition)
MS16-148 Microsoft Excel 2016 (64-bit edition)
MS16-148 Microsoft Excel Viewer
MS16-148 Microsoft Office 2007 Service Pack 3
MS16-148 Microsoft Office 2007 Service Pack 3
MS16-148 Microsoft Office 2010 Service Pack 2 (32-bit editions)
MS16-148 Microsoft Office 2010 Service Pack 2 (32-bit editions)
MS16-148 Microsoft Office 2010 Service Pack 2 (32-bit editions)
MS16-148 Microsoft Office 2010 Service Pack 2 (64-bit editions)
MS16-148 Microsoft Office 2010 Service Pack 2 (64-bit editions)
MS16-148 Microsoft Office 2010 Service Pack 2 (64-bit editions)
MS16-148 Microsoft Office 2013 Service Pack 1 (32-bit editions)
MS16-148 Microsoft Office 2013 Service Pack 1 (64-bit editions)
MS16-148 Microsoft Office 2016 (32-bit edition)
MS16-148 Microsoft Office 2016 (64-bit edition)
MS16-148 Microsoft Office Compatibility Pack Service Pack 3
MS16-148 Microsoft Office Compatibility Pack Service Pack 3
MS16-148 Microsoft Office Web Apps 2010 Service Pack 2
MS16-148 Microsoft Publisher 2010 Service Pack 2 (32-bit editions)
MS16-148 Microsoft Publisher 2010 Service Pack 2 (64-bit editions)
MS16-148 Microsoft Word 2007 Service Pack 3
MS16-148 Microsoft Word 2010 Service Pack 2 (32-bit editions)
MS16-148 Microsoft Word 2010 Service Pack 2 (64-bit editions)
MS16-148 Microsoft Word Viewer
MS16-148 Microsoft Word Viewer
MS16-148 Microsoft Word Viewer
MS16-148 Word Automation Services on Microsoft SharePoint Server 2010 Service Pack 2
-
Microsoft Security Update for Windows Kernel-Mode Drivers (MS16-151)
- Severity
- Critical 4
- Qualys ID
- 91314
- Vendor Reference
- MS16-151
- CVE Reference
- CVE-2016-7259, CVE-2016-7260
- CVSS Scores
- Base 7.2 / Temporal 5.6
- Description
-
This security update resolves multiple vulnerabilities in Microsoft Windows.
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. (CVE-2016-7259)
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. (CVE-2016-7260)
The update addresses the vulnerabilities by correcting how the Windows kernel-mode driver handles objects in memory.
This security update is rated Critical for all supported releases of Microsoft Windows.
- Consequence
- The most severe of the vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document.
- Solution
-
Customers are advised to refer to MS16-151 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-151 Windows
-
Microsoft Security Update for Windows Kernel (MS16-152)
- Severity
- Serious 3
- Qualys ID
- 91320
- Vendor Reference
- MS16-152
- CVE Reference
- CVE-2016-7258
- CVSS Scores
- Base 2.1 / Temporal 1.6
- Description
-
Microsoft rates this vulnerability as Important for all versions of Windows 10 and Windows Server 2016. An information disclosure vulnerability exists in the Windows kernel (CVE-2016-7258).
The update addresses the vulnerability by changing how the kernel handles objects in memory.
- Consequence
-
The kernel fails to handle certain page faults for system calls. This allows the attacker to disclose information from one process to another.
- Solution
-
Customers are advised to refer to MS16-152 for more information.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-152 Windows 10 Version 1511 for 32-bit Systems
MS16-152 Windows 10 Version 1511 for x64-based Systems
MS16-152 Windows 10 Version 1607 for 32-bit Systems
MS16-152 Windows 10 Version 1607 for x64-based Systems
MS16-152 Windows 10 for 32-bit Systems
MS16-152 Windows 10 for x64-based Systems
MS16-152 Windows Server 2016 for x64-based Systems
-
Microsoft Windows Common Log File System Driver Information Disclosure Vulnerability (MS16-153)
- Severity
- Critical 4
- Qualys ID
- 91315
- Vendor Reference
- MS16-153
- CVE Reference
- CVE-2016-7295
- CVSS Scores
- Base 2.1 / Temporal 1.6
- Description
-
An information disclosure vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory.
This security update is rated Important for all supported releases of Microsoft Windows.
- Consequence
- An attacker who runs a specially crafted application could exploit this vulnerability to bypass security measures on the affected system, allowing further exploitation.
- Solution
-
Refer to Microsoft Security Bulletin MS16-153 for further details.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-153
-
Microsoft Windows Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (MS16-154)
- Severity
- Urgent 5
- Qualys ID
- 100303
- Vendor Reference
- MS16-154
- CVE Reference
- CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870, CVE-2016-7871, CVE-2016-7872, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876, CVE-2016-7877, CVE-2016-7878, CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7890, CVE-2016-7892
- CVSS Scores
- Base 9.3 / Temporal 8.1
- Description
-
The update addresses the vulnerabilities which are described in Adobe Security Bulletin APSB16-39, by updating the affected Adobe Flash libraries contained within Internet Explorer 10, Internet Explorer 11, and Microsoft Edge.
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.
- Consequence
-
Successful exploitation of this vulnerability will allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system.
- Solution
-
Customers are advised to view MS16-154 for instructions pertaining to the remediation of these vulnerabilities.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-154
-
Microsoft .NET Framework Information Disclosure Vulnerability (MS16-155)
- Severity
- Critical 4
- Qualys ID
- 91318
- Vendor Reference
- MS16-155
- CVE Reference
- CVE-2016-7270
- CVSS Scores
- Base 5 / Temporal 3.9
- Description
-
An information disclosure vulnerability exists in the Microsoft .NET Framework 4.6.2 Data Provider for SQL Server that could allow an attacker to access information that should be protected by the Always Encrypted feature. The vulnerability is caused when .NET Framework improperly uses a developer-supplied key. When this key is misused, it is also possible for access to data to be temporarily lost.
This security update is rated Important for Microsoft .NET Framework 4.6.2.
- Consequence
- Successful exploitation allows an attacker to access the incorrectly encrypted data and attempt to decrypt the data using an easily guessable key.
- Solution
-
Customers are advised to refer to Microsoft Advisory MS16-155 for more details pertaining to this vulnerability.
Patches:
The following are links for downloading patches to fix these vulnerabilities:
MS16-155
These new vulnerability checks are included in Qualys vulnerability signature 2.3.495-3. Each Qualys account is automatically updated with the latest vulnerability signatures as they become available. To view the vulnerability signature version in your account, from the Qualys Help menu, select the About tab.
Selective Scan Instructions Using Qualys
To perform a selective vulnerability scan, configure a scan profile to use the following options:
- Ensure access to TCP ports 135 and 139 is available.
- Enable Windows Authentication (specify Authentication Records).
-
Enable the following Qualys IDs:
- 91313
- 91319
- 100302
- 91316
- 91312
- 91311
- 110292
- 91314
- 91320
- 91315
- 100303
- 91318
- If you would like the scan to return the Windows Hostname, also include QID 82044 and ensure access to UDP port 137 is available.
- If you would like to be notified if Qualys is unable to log on to a host (if Authentication fails), also include QID 105015.
In addition, prior to running a scan for these new vulnerabilities, you can estimate your exposure to these new threats by running the Risk Analysis Report, available from the Qualys Vulnerability Management Reports tab.
Technical Support
For more information, customers may contact Qualys Technical Support.
About Qualys
The Enterprise TruRisk Platform and its integrated suite of security and compliance applications provides organizations of all sizes with a global view of their security and compliance solutions, while drastically reducing their total cost of ownership. Qualys solutions include: continuous monitoring, vulnerability management, policy compliance, PCI compliance, security assessment questionnaire, web application scanning, web application firewall, malware detection and SECURE Seal for security testing of web sites.