Microsoft today released 13 bulletins (plus one bulletin from Adobe for Flash). 5 of the Microsoft bulletins, and the Adobe Flash bulletin are rated critical. There are a number of vulnerabilities that have either already been known, or have already been exploited: MS16-129 and MS16-142 (Internet Explorer): An information disclosure (CVE-2016-7199) has already been publicly disclosed, but not been exploited yet. The vulnerability can leak information cross-origin. In addition there is a spoofing vulnerability that only affects Microsoft Edge that has been publicly disclosed ( CVE-2016-7209 ). MS16-132 (Microsoft Graphics Component): This is yet another open type font issue (CVE-2016-7256). IT has already been exploited and I labeled this bulletin as "Patch Now" . The vulnerability can be used for remote code execution. MS16-135 (Kernel Mode Drivers): A Win32k priviledge escalation vulnerability (CVE-2016-7255) has already been publicly disclosed and exploited. This one is a bit odd in that it sounds like what Google released as CVE-2016-7855. Trying to clarify if this is a typo. Full details: https://isc.sans.edu/mspatchdays.html?viewday=2016-11-08 Note that Microsoft didn't use the first two bulletins for the usual Internet Explorer and Edge cumulative updates. Instead, the first bulletin (MS16-129) is used for Edge, and the last one (MS16-142) is used for Internet Explorer. The Flash update uses the next to last bulletin (MS16-141).
--- |
Johannes 4068 Posts ISC Handler Nov 8th 2016 |
Thread locked Subscribe |
Nov 8th 2016 4 years ago |
I'm having issues with pulling json format of ms patch Tuesday API. "binary garbage" seems to be returning. the XML format works well.
curl -s https://isc.sans.edu/api/getmspatchday/2016-11-08?json |
MD 11 Posts |
Quote |
Nov 9th 2016 4 years ago |
I think you are getting the gzipped response for some reason. I have to look back to see what the reason was for that again.
|
Johannes 4068 Posts ISC Handler |
Quote |
Nov 9th 2016 4 years ago |
Links to CVEs dont work.
|
TexISO 19 Posts |
Quote |
Nov 9th 2016 4 years ago |
MS16-132
Anyone has an issue with MS16-132 pulling it up on WSUS? I'm trying to push MS16-132 too all my workstations (windows 7), but when I pull up MS16-132 on my WSUS Server, the only patches showing are for Windows Server 2008. I don't see the patches for Windows 7. Thanks... |
TexISO 1 Posts |
Quote |
Nov 10th 2016 4 years ago |
Sign Up for Free or Log In to start participating in the conversation!