
SANS ISC: November 2016 Microsoft Patch Day - SANS Internet Storm Center SANS ISC InfoSec Forums


November 2016 Microsoft Patch Day

Microsoft today released 13 bulletins (plus one bulletin from Adobe for Flash). Five of the Microsoft bulletins and the Adobe Flash bulletin are rated critical. A number of the vulnerabilities were either already publicly known or have already been exploited:

MS16-129 and MS16-142 (Internet Explorer): An information disclosure vulnerability (CVE 2016-7199) has already been publicly disclosed but has not been exploited yet. The vulnerability can leak information cross-origin. In addition, a spoofing vulnerability that only affects Microsoft Edge has been publicly disclosed (CVE 2016-7209).

MS16-132 (Microsoft Graphics Component): This is yet another OpenType font issue (CVE 2016-7256). It has already been exploited, and I labeled this bulletin as "Patch Now". The vulnerability can be used for remote code execution.

MS16-135 (Kernel Mode Drivers): A Win32k privilege escalation vulnerability (CVE 2016-7255) has already been publicly disclosed and exploited. This one is a bit odd in that it sounds like what Google released as CVE 2016-7855. Trying to clarify if this is a typo.

Full details: https://isc.sans.edu/mspatchdays.html?viewday=2016-11-08

Note that Microsoft didn't use the first two bulletins for the usual Internet Explorer and Edge cumulative updates. Instead, the first bulletin (MS16-129) is used for Edge, and the last one (MS16-142) is used for Internet Explorer. The Flash update uses the next-to-last bulletin (MS16-141).

---
Johannes B. Ullrich, Ph.D.

Johannes

2930 Posts
ISC Handler
I'm having issues with pulling the JSON format of the MS Patch Tuesday API. "Binary garbage" seems to be returned. The XML format works well.

curl -s https://isc.sans.edu/api/getmspatchday/2016-11-08?json
MD

11 Posts
I think you are getting the gzipped response for some reason. I have to look back to see what the reason was for that again.
Johannes

2930 Posts
ISC Handler
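
The gzipped-response diagnosis in the reply above, as an added example that is not part of the original thread or ISC's own code: a client-side helper that recognizes a gzip body by header or magic bytes, decodes it under a size cap, and only then parses the JSON. The function name, the size cap and the sample JSON field names are assumptions made for illustration.

```python
import gzip
import io
import json

GZIP_MAGIC = b"\x1f\x8b"        # first two bytes of every gzip member (RFC 1952)
MAX_DECODED = 5 * 1024 * 1024   # assumed cap on decoded size, not an ISC limit


def decode_api_body(body: bytes, content_encoding: str = ""):
    """Parse a JSON API body that may still be gzip-compressed.

    Hypothetical helper: checks the Content-Encoding value and the magic
    bytes, because a client that never asked for gzip may still receive it.
    """
    if content_encoding.strip().lower() == "gzip" or body[:2] == GZIP_MAGIC:
        try:
            with gzip.GzipFile(fileobj=io.BytesIO(body)) as fh:
                # Read one byte past the cap so oversized input is detectable
                decoded = fh.read(MAX_DECODED + 1)
        except (OSError, EOFError) as exc:
            raise ValueError(f"corrupt or truncated gzip body: {exc}") from exc
        if len(decoded) > MAX_DECODED:
            raise ValueError("decoded body exceeds size cap")
        body = decoded
    return json.loads(body.decode("utf-8"))


# Constructed sample; the field names are illustrative, not the real API schema.
SAMPLE = json.dumps(
    {"bulletins": [{"id": "MS16-132", "cve": "CVE 2016-7256", "exploited": True}]}
).encode("utf-8")

if __name__ == "__main__":
    wire = gzip.compress(SAMPLE)   # what the "binary garbage" looks like on the wire
    print(wire[:2].hex())
    print(decode_api_body(wire)["bulletins"][0]["id"])
```

On the command line, curl's `--compressed` option decodes a gzip-encoded body before printing it.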
Links to CVEs don't work.
TexISO

19 Posts
MS16-132
Does anyone have an issue with pulling up MS16-132 on WSUS?
I'm trying to push MS16-132 to all my workstations (Windows 7), but when I pull up MS16-132 on my WSUS server, the only patches showing are for Windows Server 2008. I don't see the patches for Windows 7.
Thanks...
Anonymous

Posts
