
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2016-02-09 InfoSec Handlers Diary Blog



Adobe Patch Tuesday - February 2016

Published: 2016-02-09
Last Updated: 2016-02-09 18:43:15 UTC
by Johannes Ullrich (Version: 1)
1 comment(s)

APSB16-03: Adobe Photoshop CC and Bridge CC

3 critical vulnerabilities that could lead to code execution with a priority rating of 3 (low): CVE-2016-0951, CVE-2016-0952, CVE-2016-0953. You may have to download the updates directly from Adobe as they will not show up in Creative Cloud Packager!

APSB16-04: Adobe Flash Player

22 critical vulnerabilities that could lead to code execution. The priority rating is 1 for Flash Player (including the Flash Player embedded in Chrome/Edge/Internet Explorer 11).

APSB16-05: Adobe Experience Manager

4 important vulnerabilities that could lead to information disclosure. This includes fixes for the Java deserialization issues. 

APSB16-07: Adobe Connect

3 important vulnerabilities that lead to input validation and content spoofing issues (including cross site request forgery). The priority rating for this update is 1 (low).


---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

Keywords: adobe patch tuesday

Microsoft February 2016 Patch Tuesday

Published: 2016-02-09
Last Updated: 2016-02-09 18:17:13 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)

Overview of the February 2016 Microsoft patches and their status.

Columns: # | Affected | Contra Indications - KB | Known Exploits | Microsoft rating(**) | ISC rating(*): clients / servers

MS16-009 Cumulative Security Update for Internet Explorer (Replaces MS16-001)
  Affected: Internet Explorer
  CVEs: CVE-2016-0041, CVE-2016-0059, CVE-2016-0060, CVE-2016-0061, CVE-2016-0062, CVE-2016-0063, CVE-2016-0064, CVE-2016-0067, CVE-2016-0068, CVE-2016-0069, CVE-2016-0071, CVE-2016-0072, CVE-2016-0077
  KB 3134220 - Known exploits: no
  Microsoft rating: Critical; Exploitability: 1,2,1,1,1,1,1,1,1,3,4,1,3
  ISC rating: Critical (clients) / Critical (servers)

MS16-010 was published as part of the January update (Security Update in Microsoft Exchange Server to Address Spoofing (3124557)).

MS16-011 Cumulative Security Update for Microsoft Edge (Replaces KB3124266)
  Affected: Microsoft Edge
  CVEs: CVE-2016-0060, CVE-2016-0061, CVE-2016-0062, CVE-2016-0077, CVE-2016-0080, CVE-2016-0084
  KB 3134225 - Known exploits: no
  Microsoft rating: Critical; Exploitability: 1,1,1,3,1,1
  ISC rating: Critical (clients) / Critical (servers)

MS16-012 Remote Code Execution in PDF Library
  Affected: Microsoft Windows PDF Library
  CVEs: CVE-2016-0058, CVE-2016-0046
  KB 3138938 - Known exploits: no
  Microsoft rating: Critical; Exploitability: 2,1
  ISC rating: Critical (clients) / Critical (servers)

MS16-013 Remote Code Execution in Windows Journal (Replaces MS15-114)
  Affected: Windows Journal
  CVEs: CVE-2016-0038
  KB 3134811 - Known exploits: no
  Microsoft rating: Critical; Exploitability: 2
  ISC rating: Critical (clients) / Critical (servers)

MS16-014 Remote Code Execution in Microsoft Windows (Replaces MS16-007)
  Affected: DLL Loading / Kerberos
  CVEs: CVE-2016-0040, CVE-2016-0041, CVE-2016-0042, CVE-2016-0044, CVE-2016-0049
  KB 3134228 - Known exploits: no
  Microsoft rating: Important; Exploitability: 2,2,1,3,2
  ISC rating: Critical (clients) / Important (servers)

MS16-015 Remote Code Execution in Microsoft Office (Replaces MS16-004)
  Affected: Microsoft Office
  CVEs: CVE-2016-0022, CVE-2016-0052, CVE-2016-0053, CVE-2016-0054, CVE-2016-0055, CVE-2016-0056
  KB 3134226 - Known exploits: no
  Microsoft rating: Critical; Exploitability: 1,3,1,1,1,1,1
  ISC rating: Critical (clients) / Important (servers)

MS16-016 Elevation of Privilege Vulnerability in WebDAV (Replaces MS16-004)
  Affected: WebDAV
  CVEs: CVE-2016-0051
  KB 3136041 - Known exploits: no
  Microsoft rating: Important; Exploitability: 2
  ISC rating: Important (clients) / Important (servers)

MS16-017 Elevation of Privilege in Remote Desktop Display Driver (Replaces MS15-067, MS15-030)
  Affected: Remote Desktop
  CVEs: CVE-2016-0036
  KB 3134700 - Known exploits: no
  Microsoft rating: Important; Exploitability: 2
  ISC rating: Important (clients) / Important (servers)

MS16-018 Elevation of Privilege Vulnerability in Kernel Mode Drivers (Replaces MS16-005)
  Affected: Kernel Mode Drivers
  CVEs: CVE-2016-0048
  KB 3136082 - Known exploits: no
  Microsoft rating: Important; Exploitability: 1
  ISC rating: Important (clients) / Important (servers)

MS16-019 Denial of Service in .Net Framework (Replaces MS12-025)
  Affected: .Net Framework
  CVEs: CVE-2016-0033, CVE-2016-0047
  KB 3137893 - Known exploits: no
  Microsoft rating: Important; Exploitability: 3,2
  ISC rating: Important (clients) / Important (servers)

MS16-020 Denial of Service Vulnerability in Active Directory Federation Service (Replaces MS12-040)
  Affected: Active Directory Federation Service
  CVEs: CVE-2016-0037
  KB 3134222 - Known exploits: no
  Microsoft rating: Important; Exploitability: 3
  ISC rating: Important (clients) / Important (servers)

MS16-021 Denial of Service Vulnerability in NPS RADIUS Server (Replaces MS15-007)
  Affected: Network Policy Server
  CVEs: CVE-2016-0050
  KB 3133043 - Known exploits: no
  Microsoft rating: Important; Exploitability: 3
  ISC rating: Important (clients) / Important (servers)
We will update issues on this page for about a week or so as they evolve. We appreciate updates.
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY.
(*): ISC rating
  • We use 4 levels:
    • PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
    • Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
    • Important: Things where more testing and other measures can help.
    • Less Urt practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
    • The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.
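As an added example (not part of this diary and not ISC's own tooling): a small Python parser for the flattened bulletin listing above, plus a ranking function that orders bulletins for deployment by the ISC rating for a given role (clients or servers), then by the worst per-CVE exploitability index, then by Microsoft's severity. The sample input copies four entries from the table verbatim, including the Edge entry whose CVE ids run together on one line. The rank orders, the reading of the Exploitability column as "lower index = exploitation more likely", and the "deploy sooner" tie-breaking are assumptions made for this example.

```python
import re
from dataclasses import dataclass

# Constructed sample: four bulletins copied from the diary's table, in the same
# flattened one-field-per-line layout the page uses (CVE ids may run together).
SAMPLE = """\
MS16-011 Cumulative Security Update for Microsoft Edge (Replaces KB3124266 )
Microsoft Edge
CVE-2016-0060CVE-2016-0061CVE-2016-0062
CVE-2016-0077CVE-2016-0080CVE-2016-0084
KB 3134225 no. Severity:Critical
Exploitability: 1,1,1,3,1,1
Critical Critical
MS16-013 Remote Code Execution in Windows Journal (Replaces MS15-114 )
Windows Journal
CVE-2016-0038
KB 3134811 no. Severity:Critical
Exploitability: 2
Critical Critical
MS16-014 Remote Code Execution in Microsoft Windows (Replaces MS16-007 )
DLL Loading / Kerberos
CVE-2016-0040
CVE-2016-0041
CVE-2016-0042
CVE-2016-0044
CVE-2016-0049
KB 3134228 no. Severity:Important
Exploitability: 2,2,1,3,2
Critical Important
MS16-018 Elevation of Privilege Vulnerability in Kernel Mode Drivers (Replaces MS16-005 )
Kernel Mode Drivers
CVE-2016-0048
KB 3136082 no. Severity:Important
Exploitability: 1
Important Important
"""

# Rank orders assumed for this example: lower number = deploy sooner.
ISC_ORDER = {"PATCH NOW": 0, "Critical": 1, "Important": 2, "Less Urgent": 3}
MS_ORDER = {"Critical": 0, "Important": 1, "Moderate": 2, "Low": 3}

HEADER_RE = re.compile(r"^(MS\d{2}-\d{3})\s+(.+)$")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
KB_RE = re.compile(r"^KB\s*(\d+)\s+(\w+)\.?\s+Severity:\s*(\w+)")
EXPL_RE = re.compile(r"^Exploitability:\s*([\d,]+)$")
RATING_RE = re.compile(r"^(PATCH NOW|Critical|Important|Less Urgent)\s+"
                       r"(PATCH NOW|Critical|Important|Less Urgent)$")


@dataclass
class Bulletin:
    bulletin_id: str
    title: str
    affected: str
    cves: list
    kb: str
    known_exploits: str
    ms_severity: str
    exploitability: list
    isc_clients: str
    isc_servers: str

    def worst_exploitability(self):
        # One index per CVE; act on the worst one (assumed: 1 = exploitation more likely).
        return min(self.exploitability)


def parse_table(text):
    """Turn the flattened bulletin listing into Bulletin records."""
    bulletins, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:                                   # "MS16-014 Remote Code Execution ..."
            cur = {"bulletin_id": m.group(1), "title": m.group(2).strip(),
                   "affected": None, "cves": []}
            continue
        if cur is None:                         # text before the first bulletin
            continue
        m = KB_RE.match(line)
        if m:                                   # "KB 3134228 no. Severity:Important"
            cur["kb"], cur["known_exploits"], cur["ms_severity"] = m.groups()
            continue
        m = EXPL_RE.match(line)
        if m:                                   # "Exploitability: 2,2,1,3,2"
            cur["exploitability"] = [int(x) for x in m.group(1).split(",")]
            continue
        m = RATING_RE.match(line)
        if m:                                   # "Critical Important" = clients / servers
            cur["isc_clients"], cur["isc_servers"] = m.groups()
            if "kb" in cur and "exploitability" in cur:   # skip incomplete records
                bulletins.append(Bulletin(**cur))
            cur = None
            continue
        cves = CVE_RE.findall(line)             # also splits ids run together on one line
        if cves:
            cur["cves"].extend(cves)
        elif cur["affected"] is None:           # first free-text line names the component
            cur["affected"] = line
    return bulletins


def index_count_mismatches(bulletins):
    """Bulletins whose CVE count and exploitability-index count disagree (worth a second look)."""
    return [b.bulletin_id for b in bulletins if len(b.cves) != len(b.exploitability)]


def prioritize(bulletins, role="clients"):
    """Deployment order for a role: ISC rating first, then worst exploitability
    index, then Microsoft's severity; the bulletin id breaks remaining ties."""
    def key(b):
        isc = b.isc_clients if role == "clients" else b.isc_servers
        return (ISC_ORDER[isc], b.worst_exploitability(),
                MS_ORDER.get(b.ms_severity, len(MS_ORDER)), b.bulletin_id)
    return [b.bulletin_id for b in sorted(bulletins, key=key)]


if __name__ == "__main__":
    parsed = parse_table(SAMPLE)
    for role in ("clients", "servers"):
        print(role, prioritize(parsed, role))
    print("count mismatches:", index_count_mismatches(parsed))
```

Running it shows why the client and server columns are kept separate: MS16-014 (rated Critical for clients but Important for servers) moves ahead of the Windows Journal bulletin on a client-role list and behind it on a server-role list. The mismatch check is there because a row whose CVE count does not match its index count (the Office entry in the table above, for instance) should be verified against the vendor bulletin before its worst index is trusted.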


---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn


Out-of-Order Java Update

Published: 2016-02-09
Last Updated: 2016-02-09 14:12:28 UTC
by Johannes Ullrich (Version: 1)
3 comment(s)

Oracle released an emergency update for Java [1]. The nature of the flaw, and how the update fixes the flaw, is somewhat obscured. According to Oracle's advisory, the user would first have to install malicious software, then install Java. So it doesn't appear to be exploitable on any system that has Java already installed. The Oracle advisory also states that an exploit is complex.

At this point, I don't see a compelling reason to "rush out" this patch. Deal with it as part of your regular patch process. Some of the Microsoft patches to be released later today are likely more important.

[1] https://blogs.oracle.com/security/entry/security_alert_cve_2016_0603

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

ISC Stormcast For Tuesday, February 9th 2016 http://isc.sans.edu/podcastdetail.html?id=4859