December 2016 Patch Tuesday Brief and Updates
December Patch Tuesday ISC Link: https://isc.sans.edu/mspatchdays.html?viewday=2016-12-13
MS16-144
Woha, patch now on clients! Servers might need emergency procedures (depending upon internal governance). There are known exploits and anytime we read “Scripting Engine?” that just does not bode well, for Internet Explorer.
MS16-145
Another patch now for clients, scripting engines seem to not be getting a break here. Similar in nature it seems, Edge also has some vulnerabilities in memory handling that could possibly lead to code execution. Let’s patch those browsers!
MS16-146
Pictures, Images, JPGs oh my… Another reason to scramble, it seems the graphics engine is exploitable and again with known and reported exploits. This one is also a patch now for clients. Servers hopefully don’t browse the internet *cough cough* but should be patched according to internal critical governance, or in other words “Don’t forget your servers!”
MS16-147
Well, had to go look this one up *asks what Uniscribe is* and it had API + Scripting in the function description [1]. There are not any “know” or published exploits that we are aware of on this one, however the dreaded “Remote Code Execution” is in the bulletin, so patch…
MS16-148
Office 2007 – 2016, again, no published exploits that we are aware of, however a broad spectrum of Office suites on this one. The bulletins do include “Remote Code Execution” in the for some of this roll-up. Patch.. Interestingly this handler was met with requests to patch on his home systems J
MS16-149
This one is correcting crypto handling and preventing privilege escalation. Compared to the above this one might be able to take a back set temporarily.
MS16-150
More privilege escalation correction, this patch updates kernel handling. It looks like this one would need a specially crafted application local on the system, so a bit further down the attack cycle.
MS16-151
Getting a sense of entitlement here as MS16-151 is another privilege escalation patch. Anytime 'drivers' are involved this handler always takes a deeper look, however again, it seems an attacker would need a specially crafted program to hit on this vulnerability.
MS16-152
Here we are presented with possible information disclosure from the kernel. Listed as important and no known or published exploits. Correcting the way the kernel handles memory objects is always a good thing in this handlers book.
MS16-153
Logging information disclosure but with an interesting nugget at the top of the brief? "In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to bypass security measures on the affected system allowing further exploitation.[2]"
MS16-154
Patch for Adobe Flash, critical, flash is everywhere... so goes without saying but we will say it anyway "Patch as a critical update!"
MS16-155
Read up on this one, it is .Net related. Seems isolated to a specific version, 4.6.2, however limited to information disclosure. It should be noted that known exploits exist.
We will update this diary as issues or more information is sent in. If anyone experiences any issues patching, let us know!
[1] https://msdn.microsoft.com/en-us/library/windows/desktop/dd374091(v=vs.85).aspx
[2] https://technet.microsoft.com/en-us/library/security/MS16-153
Richard Porter
@packetalien, @packetmonk
--- ISC Handler on Duty
Comments
Anonymous
Dec 14th 2016
8 years ago
[Edit: 145 is in the W10 Cummulative Update apparently...]
Thanks for any suggestions...
Anonymous
Dec 15th 2016
8 years ago