Feed aggregator

MS16-092 - Important: Security Update for Windows Kernel (3171910) - Version: 1.1

Microsoft Security Notifications - Mon, 07/18/2016 - 09:00
Severity Rating: Important
Revision Note: V1.1 (July 18, 2016): Bulletin revised to add an Update FAQ to inform customers running Windows Server 2012 that they do not need to install the 3170377 and 3172727 updates in a particular order.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow security feature bypass if the Windows kernel fails to properly validate permissions.
Categories: Security Alerts

MS16-094 - Important: Security Update for Secure Boot (3177404) - Version: 1.1

Microsoft Security Notifications - Mon, 07/18/2016 - 09:00
Severity Rating: Important
Revision Note: V1.1 (July 18, 2016): Bulletin revised to add an Update FAQ to inform customers running Windows Server 2012 that they do not need to install the 3170377 and 3172727 updates in a particular order.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow Secure Boot security features to be bypassed if an attacker installs an affected policy on a target device. An attacker must have either administrative privileges or physical access to install a policy and bypass Secure Boot.
Categories: Security Alerts

MS16-077 - Important: Security Update for WPAD (3165191) - Version: 1.2

Microsoft Security Notifications - Wed, 07/13/2016 - 09:00
Severity Rating: Important
Revision Note: V1.2 (July 13, 2016): Bulletin revised to correct the workarounds for CVE-2016-3213 and CVE-2016-3236. This is an informational change only. Customers who have successfully installed the updates do not need to take any further action.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if the Web Proxy Auto Discovery (WPAD) protocol falls back to a vulnerable proxy discovery process on a target system.
Categories: Security Alerts

MS16-035 - Important: Security Update for .NET Framework to Address Security Feature Bypass (3141780) - Version: 2.2

Microsoft Security Notifications - Wed, 07/13/2016 - 09:00
Severity Rating: Important
Revision Note: V2.2 (July 13, 2016): Revised bulletin to inform customers that the 3135996 update has been refreshed. This is an informational notification only. Customers who have already successfully installed the update do not need to take any further action.
Summary: This security update resolves a vulnerability in Microsoft .NET Framework. The security feature bypass exists in a .NET Framework component that does not properly validate certain elements of a signed XML document.
Categories: Security Alerts

MS16-084 - Critical: Cumulative Security Update for Internet Explorer (3169991) - Version: 1.0

Microsoft Security Notifications - Tue, 07/12/2016 - 09:00
Severity Rating: Critical
Revision Note: V1.0 (July 12, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Categories: Security Alerts

MS16-085 - Critical: Cumulative Security Update for Microsoft Edge (3169999) - Version: 1.0

Microsoft Security Notifications - Tue, 07/12/2016 - 09:00
Severity Rating: Critical
Revision Note: V1.0 (July 12, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.
Categories: Security Alerts

MS16-086 - Critical: Cumulative Security Update for JScript and VBScript (3169996) - Version: 1.0

Microsoft Security Notifications - Tue, 07/12/2016 - 09:00
Severity Rating: Critical
Revision Note: V1.0 (July 12, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerabilities could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Categories: Security Alerts

MS16-089 - Important: Security Update for Windows Secure Kernel Mode (3170050) - Version: 1.0

Microsoft Security Notifications - Tue, 07/12/2016 - 09:00
Severity Rating: Important
Revision Note: V1.0 (July 12, 2016): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when Windows Secure Kernel Mode improperly handles objects in memory.
Categories: Security Alerts

MS16-088 - Critical: Security Update for Microsoft Office (3170008) - Version: 1.0

Microsoft Security Notifications - Tue, 07/12/2016 - 09:00
Severity Rating: Critical
Revision Note: V1.0 (July 12, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Categories: Security Alerts

MS16-087 - Critical: Security Update for Windows Print Spooler Components (3170005) - Version: 1.0

Microsoft Security Notifications - Tue, 07/12/2016 - 09:00
Severity Rating: Critical
Revision Note: V1.0 (July 12, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if an attacker is able to execute a man-in-the-middle (MiTM) attack on a workstation or print server, or sets up a rogue print server on a target network.
Categories: Security Alerts

MS16-091 - Important: Security Update for .NET Framework (3170048) - Version: 1.0

Microsoft Security Notifications - Tue, 07/12/2016 - 09:00
Severity Rating: Important
Revision Note: V1.0 (July 12, 2016): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could cause information disclosure if an attacker uploads a specially crafted XML file to web-based application.
Categories: Security Alerts

MS16-090 - Important: Security Update for Windows Kernel-Mode Drivers (3171481) - Version: 1.0

Microsoft Security Notifications - Tue, 07/12/2016 - 09:00
Severity Rating: Important
Revision Note: V1.0 (July 12, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.
Categories: Security Alerts

MS16-093 - Critical: Security Update for Adobe Flash Player (3174060) - Version: 1.0

Microsoft Security Notifications - Tue, 07/12/2016 - 09:00
Severity Rating: Critical
Revision Note: V1.0 (July 12, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
Categories: Security Alerts

MS15-094 - Important: Security Update for Secure Boot (3175677) - Version: 1.0

Microsoft Security Notifications - Tue, 07/12/2016 - 09:00
Severity Rating: Important
Revision Note: V1.0 (July 12, 2016): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow Secure Boot security features to be bypassed if an attacker installs an affected policy on a target device. An attacker must have either administrative privileges or physical access to install a policy and bypass Secure Boot.
Categories: Security Alerts

TA16-187A: Symantec and Norton Security Products Contain Critical Vulnerabilities

US-CERT Security Alerts - Tue, 07/05/2016 - 06:50
Original release date: July 05, 2016
Systems Affected

All Symantec and Norton branded antivirus products

Overview

Symantec and Norton branded antivirus products contain multiple vulnerabilities. Some of these products are in widespread use throughout government and industry. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system.

Description

The vulnerabilities are listed below:

CVE-2016-2207

  • Symantec Antivirus multiple remote memory corruption unpacking RAR [1]

CVE-2016-2208

  • Symantec antivirus products use common unpackers to extract malware binaries when scanning a system. A heap overflow vulnerability in the ASPack unpacker could allow an unauthenticated remote attacker to gain root privileges on Linux or OSX platforms. The vulnerability can be triggered remotely using a malicious file (via email or link) with no user interaction. [2]

CVE-2016-2209 

  • Symantec: PowerPoint misaligned stream-cache remote stack buffer overflow [3]

CVE-2016-2210

  • Symantec: Remote Stack Buffer Overflow in dec2lha library [4]         

CVE-2016-2211

  • Symantec: Symantec Antivirus multiple remote memory corruption unpacking MSPACK Archives [5]

CVE-2016-3644

  • Symantec: Heap overflow modifying MIME messages [6]      

CVE-2016-3645

  • Symantec: Integer Overflow in TNEF decoder [7]       

CVE-2016 -3646

  • Symantec: missing bounds checks in dec2zip ALPkOldFormatDecompressor::UnShrink [8]

 

Impact

The large number of products affected (24 products), across multiple platforms (OSX, Windows, and Linux), and the severity of these vulnerabilities (remote code execution at root or SYSTEM privilege) make this a very serious event. A remote, unauthenticated attacker may be able to run arbitrary code at root or SYSTEM privileges by taking advantage of these vulnerabilities. Some of the vulnerabilities require no user interaction and are network-aware, which could result in a wormable-event.

Solution

Symantec has provided patches or hotfixes to these vulnerabilities in their SYM16-008 [9] and SYM16-010 [10] security advisories.

US-CERT encourages users and network administrators to patch Symantec or Norton antivirus products immediately. While there has been no evidence of exploitation, the ease of attack, widespread nature of the products, and severity of the exploit may make this vulnerability a popular target.

References Revision History
  • July 5, 2016: Initial Release

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Security Alerts

MS16-063 - Critical: Cumulative Security Update for Internet Explorer (3163649) - Version: 1.1

Microsoft Security Notifications - Wed, 06/22/2016 - 09:00
Severity Rating: Critical
Revision Note: V1.1 (June 22, 2016): Bulletin revised to add workarounds for CVE-2016-3213. This is an informational change only. Customers who have successfully installed the updates do not need to take any further action.
Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Categories: Security Alerts

MS16-083 - Critical: Security Update for Adobe Flash Player (3167685) - Version: 1.0

Microsoft Security Notifications - Thu, 06/16/2016 - 09:00
Severity Rating: Critical
Revision Note: V1.0 (June 16, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
Categories: Security Alerts

MS16-074 - Important: Security Update for Microsoft Graphics Component (3164036) - Version: 1.1

Microsoft Security Notifications - Wed, 06/15/2016 - 09:00
Severity Rating: Important
Revision Note: V1.1 (June 15, 2016): Revised the Executive Summary to correct the attack vector description. This is an informational change only.
Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if a user opens a specially crafted application.
Categories: Security Alerts

MS16-069 - Critical: Cumulative Security Update for JScript and VBScript (3163640) - Version: 1.0

Microsoft Security Notifications - Tue, 06/14/2016 - 09:00
Severity Rating: Critical
Revision Note: V1.0 (June 14, 2016): Bulletin published.
Summary: This security update resolves vulnerabilities in the JScript and VBScript scripting engines in Microsoft Windows. The vulnerabilities could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Categories: Security Alerts

MS16-080 - Important: Security Update for Microsoft Windows PDF (3164302) - Version: 1.0

Microsoft Security Notifications - Tue, 06/14/2016 - 09:00
Severity Rating: Important
Revision Note: V1.0 (June 14, 2016): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The more severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted .pdf file. An attacker who successfully exploited the vulnerabilities could cause arbitrary code to execute in the context of the current user. However, an attacker would have no way to force a user to open a specially crafted .pdf file.
Categories: Security Alerts
Syndicate content