
SANS ISC: Microsoft Patch Tuesday Summary for July 2016 - SANS Internet Storm Center SANS ISC InfoSec Forums


Microsoft Patch Tuesday Summary for July 2016

As usual for the second Tuesday of the month, Microsoft today released its monthly security updates. Microsoft released a total of 11 bulletins. 6 are rated critical, and the remaining five are rated important.

One of the Bulletins (MS16-093) affects Adobe's Flash player and is a copy of Adobe's advisory.

None of the bulletins stick out as "special". There are no bulletins that affect vulnerabilities for which exploits have been observed. But two bulletins included already known vulnerabilities:

CVE-2016-3287, a vulnerability in Secure Boot.
CVE-2016-3272, an information disclosure vulnerability in the Windows Kernel.

I don't consider either vulnerability very serious.

As far as prioritizing the patches goes, I would as usual attend to the Internet Explorer, Edge, Flash and Office patches first.

The printer spool issue is "interesting". An attacker could use the vulnerability to install arbitrary print drivers, which of course would lead to arbitrary code execution. As a workaround, Microsoft suggests that you restrict the printers that your users can use to print. This sounds like a good control, and you should use this vulnerability to make sure the printer configurations are sufficiently adjusted.

For a full list of Bulletins, see our summary here. If you prefer a more structured view, you can also retrieve the bulletin data via our API here.

---

Johannes B. Ullrich, Ph.D.

Johannes

3630 Posts
ISC Handler
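
An added example, not part of the diary or of Microsoft's bulletin: a PowerShell audit of the printer restriction the diary recommends reviewing. It assumes the restriction is deployed through the Point and Print Restrictions Group Policy, which stores its settings under the registry key shown; the function names and the sample values are constructed for illustration.

```powershell
# Added example: audit the Point and Print Restrictions policy (assumed deployment method).
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
$Names = 'Restricted', 'TrustedServers', 'ServerList',
         'NoWarningNoElevationOnInstall', 'UpdatePromptSettings'

function Test-PointAndPrintPolicy {
    # Hypothetical helper: takes value name -> data, emits one string per finding.
    param([hashtable]$Values)
    if ($Values['Restricted'] -ne 1) {
        return 'Point and Print Restrictions policy is not enabled'
    }
    if ($Values['TrustedServers'] -ne 1) {
        'Users are not limited to an approved list of print servers'
    } elseif ([string]::IsNullOrWhiteSpace($Values['ServerList'])) {
        'Approved-server restriction is on, but the server list is empty'
    }
    # Absent or 0 keeps the warning and elevation prompt; anything else relaxes it.
    if ($Values['NoWarningNoElevationOnInstall']) {
        'Driver install for a new connection has relaxed prompts'
    }
    if ($Values['UpdatePromptSettings']) {
        'Driver update for an existing connection has relaxed prompts'
    }
}

function Get-PointAndPrintValues {
    # Read the live policy; returns an empty table when the key does not exist.
    $values = @{}
    $item = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    if ($item) { foreach ($n in $Names) { $values[$n] = $item.$n } }
    $values
}

# Constructed sample: policy enabled, but no server list and silent driver installs.
$sample = @{ Restricted = 1; TrustedServers = 0; NoWarningNoElevationOnInstall = 1 }

$cases = @{ Label = 'constructed sample'; Policy = $sample },
         @{ Label = 'local machine';      Policy = Get-PointAndPrintValues }

foreach ($case in $cases) {
    $findings = @(Test-PointAndPrintPolicy -Values $case.Policy)
    if ($findings.Count -eq 0) { "[$($case.Label)] OK" }
    foreach ($f in $findings) { "[$($case.Label)] FINDING: $f" }
    $servers = $case.Policy['ServerList']
    if ($servers) { "[$($case.Label)] approved servers: $servers" }
}
```
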
Johannes,

Interesting write up on the MS16-087 issue here:

http://blog.vectranetworks.com/blog/microsoft-windows-printer-wateringhole-attack
Anonymous
Here the July/12/2016 patch has been disastrous. All of our computers running W10 never completed the patch and cpu/disk activity is pegged close to 100%. Moving a mouse or typing is tediously slow, since this morning we haven't done anything with our computers.

I don't know if this is due to high demand or something else but Microsoft is back with their clusterf*ck updates. Our next move is to delete all the files in the "Softwaredistribution" directory and try again or to disable internet access and don't let windows try to update and ruin our day with a slow computer.

I wonder if more people have the same problems as we do.
Anonymous
Quoting Anonymous: Here the July/12/2016 patch has been disastrous. All of our computers running W10 never completed the patch and cpu/disk activity is pegged close to 100%. Moving a mouse or typing is tediously slow, since this morning we haven't done anything with our computers.

I don't know if this is due to high demand or something else but Microsoft is back with their clusterf*ck updates. Our next move is to delete all the files in the "Softwaredistribution" directory and try again or to disable internet access and don't let windows try to update and ruin our day with a slow computer.

I wonder if more people have the same problems as we do.


Some sage advice, use 1 client in parallel for updates before poisoning the entire network. Or, wait a few days for any fallout.
ICI2I

63 Posts
Hi Guys,

I've noticed you have the CVE (2016-3287) for the MS16-094 (Secure Boot), listed next to MS16-093, instead of the actual list of Adobe CVEs (CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4182, CVE-2016-4188, CVE-2016-4185, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249)


It would be nice if you could correct :)
Anonymous
I did updates on my Windows servers yesterday and they appear to have caused some issues with Excel files. We download files from one of our customers that contain order information. This morning when opening one of the files, Excel acts as if the file will not open. (Excel starts but the file is blank.) When I right click on the file it says that it is “Blocked”. I click on unblock and now I can open the file. I have found several articles talking about this but no one has found a way to fix the issue. I found one article that says uninstalling “KB3115262 MS16-088: Description of the security update for Excel 2013: July 12, 2016” has fixed the issue. Anyone else experienced that?
Deborah

278 Posts
ISC Handler
Hi Deborah
We're having similar problems. The export to Excel button on our Oracle/PeopleSoft system is broken. The only fixes we've found so far are to disable Protected View in Excel or to uninstall the patch. Neither are good ideas...
John
John

88 Posts
