Monthly Archives

December 2016

Third Party Patch Updates: When the Wild Things Attack

By Patch Management

Are You Lost in the IT Wild?

If you aren’t patching your third-party vulnerabilities, your business, your assets, your sales, are just that… vulnerable. Adobe’s Flash has had a tough month. In October we’ve seen two different critical patches released to shore up security holes where attackers can take control of your devices.

“We are aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10.”

These zero-day critical flaws aren’t patched by Windows; you have to know about them, find them, download the content, and then install them.


Third-Party Updates

10/26/2016 – Updated debugger and standalone versions of Flash Player. These versions contain fixes for critical vulnerabilities identified in Security Bulletin APSB 16-36. The latest versions are 23.0.0.205 (Win & Mac) and 11.2.202.643 (Linux). All users are encouraged to update to these latest versions.

10/3/2016 – Adobe released Security Bulletin APSB16-25 to resolve issues with Flash Player on Windows, OS X and Linux which allow attackers to execute arbitrary code via unspecified vectors.

Exploited  – Critical Patch Releases
Patch Details
Product: Flash Player

FlashPlayer_Plugin_PPAPI_v23.0.0.205

FlashPlayer_ActiveX_v23.0.0.205
FlashPlayer_Plugin_NPAPI_v23.0.0.205

  • These updates resolve memory corruption vulnerabilities that could lead to code execution
  • These updates resolve a memory leak vulnerability
  • These updates resolve type confusion vulnerabilities that could lead to viral code execution
  • These updates resolve use-after-free vulnerabilities that could lead to code execution
  • These updates resolve a security bypass vulnerability that could lead to information disclosure

Don’t miss the latest upgrades

Every month we see a bevy of new third party updates, and are always enhancing our library of supported vendors. Special requests and additions are welcomed. This month’s releases include: 

Patches with Content Updates, Bug fixes and Feature enhancements
| Product | Category | Patch |
| --- | --- | --- |
| Chrome | Web Browser | Chrome_v53.0.2785.143 |
| Skype | Online calls | Skype_v7.28.101, Skype_v7.29.0.102 |
| iTunes | Music Player | |
| Shockwave | Media Player | Shockwaveplayer_v12.2.5.195 |
| Firefox | Web Browser | Firefox_v49.0.2 |
| Notepad++ | Source code editor | Notepadpp_v7.1 |
| CitrixReceiver | File access | CitrixReceiver_v4.5.0.14155 |
| WinSCP | File browser | WinSCP_v5.9.2 |
| Wireshark | Network protocol analyzer | Wireshark_v2.2.1 |
| Foobar | Audio player | Foobar2000_1.3.12 |
| Evernote | Multi device Note pad | Evernote_v6.3.3.3502 |
| Glary Utilities | PC cleanup | Glary_v5.60, Glary_v5.61 |
| MediaMonkey | Media Manager | MediaMonkey_v4.1.14.1813 |
| Adobe Air | | AdobeAIR_v23.0.0.257 |
| AIMP | Audio Player | AIMP_v4.11.1841, AIMP_v4.11.1839 |
| Filezilla | FTP Client | FileZilla_v3.22.1 |

Specific details available on 3rd Party Patch releases
Patch Details
Product: Adobe Air

AdobeAIR_v23.0.0.257

  • Adobe has released a security update for Adobe AIR SDK and Compiler. This update adds support for secure transmission of runtime analytics for AIR applications on Android. Developers are encouraged to recompile captive runtime bundles after applying this update.
Product: AIMP Player

AIMP_v4.11.1841

AIMP_v4.11.1839

  • Fixed: Playlist – the “add entire folder if one file is sent” option does not work correctly in some cases (regression)
  • Fixed: Playlist – no ability to select few collapsed groups via keyboard
  • Fixed: music library – table – album thumbnails view – playback that invoked via mouse double click always started from the first track in group
  • Fixed: Music Library – small bugs were fixed
  • Fixed: Plugins – API – an error occurs when calculating the hash code for certain images (regression)
Product: Filezilla FTP Client

FileZilla_v3.22.1

  • Bugfixes and minor changes:
  • OS X: Work around a nasty bug in XCode where programs explicitly compiled for older versions of OS X were silently pulling in features exclusive to the new version, resulting in crashes at runtime
  • Fixed a potential crash when using SFTP
Firefox_v49.0.2
iTunes_v12.5.1
  • Apple has released iTunes v12.5.1 for OS X and Windows and the update has brought an all-new Apple Music design which brings greater clarity and simplicity to every aspect of the experience.
Notepadpp_v7.1
  • Fix x64 crash on macro recording
  • Fix x64 crash on new language dialog of UDL
  • Check plugin architecture (32-bit or 64-bit) before loading
  • Enhance Smart Highlighting feature: 1. match case 2. whole word only 3. use find dialog settings for both
  • Fix poor performance of hex XML entities
  • Reshow CallTip text on separator character
  • Skip Auto-Complete self-closing HTML tags (<br>, <base>, <track>… etc)
  • Fix 2 UI issues for RTL layout
  • Fix Folder as Workspace toolbar button inconsistent behavior
  • Add option to skip word completion on numbers (default: ON)
  • Fix bookmarks toggled off’s bug
  • Sort plugin menu by plugin name
  • Installer: Add 64-bit/32-bit old install detection, and old installation removal ability
  • Installer: Ask user for keeping user data during uninstallation
  • Installer: Fix uninstaller bug to not remove themes files from APPDATA
Opera_v40.0.2308.81
  • Fixes for Opera Stable running on Sierra. We have also fixed the backspace which stubbornly navigated back in history even when the address field was focused. And, now it is again possible to seamlessly import Firefox bookmarks
RevoUnistallerFree_v2.0.1

RevoUnistallerPro_v3.1.7

  • Fixed Minor bugs
  • Improved scanning for leftovers
Thunderbird_v45.4.0
  • Display name was truncated if no separating space before email address.
  • Recipient addresses were shown in red despite being inserted from the address book in some circumstances.
  • Additional spaces were inserted when drafts were edited.
  • Mail saved as template copied In-Reply-To and References from original email.
  • Threading broken when editing message draft, due to loss of Message-ID
  • “Apply columns to…” did not honor special folders
WinSCP_v5.9.2
  • Translations completed: Brazilian Portuguese, Finnish, Kabyle and Ukrainian
  • Lots of usability improvements and bug fixes

December Patch Tuesday: Patching Through The Snow

By Patch Management, Patch Tuesday, Uncategorized

Add Some Layers… To Your Security

Grab your hot chocolate and bundle up: it’s time to stay inside and catch up on the latest Microsoft updates. On this day of December, Microsoft sent to us … 12 bulletins. The holiday month has come around again, and like last year Microsoft have delivered 12 more bulletins to keep us safe.

Of the 12 bulletins, 6 are rated Critical and 6 are rated Important. Last week Microsoft also released 31 KB updates covering Office versions 2013 and 2016. Full details of that release can be found here.

What do you know about Microsoft’s Enhanced Mitigation Experience Toolkit (EMET)? Microsoft have announced that on 31st July 2018, it will no longer be supported. Why is EMET important? It’s important because it is a freeware security toolkit for Windows.

It provides a unified interface to enable and fine-tune Windows security features. It can be used as an extra layer of defense against malware attacks, after the firewall and before antivirus software.


Robert Brown, Director of Services for Verismic says, “Microsoft have suggested Windows 10 has all the protection it needs and therefore no longer has a need for another layer of security.

Without EMET, customers will have a need greater than ever before to implement a patching policy. Does Windows 10 offer the same level of security? See for yourself here.”


Microsoft Updates

To help your IT Security Officer, we have chosen a few updates from this month’s Microsoft Patch Tuesday to prioritize. This recommendation has been made using evidence from industry experts (including our own), anticipated business impact and, most importantly, the independent CVSS score for the vulnerability.

MS16-144 – This update addresses the vulnerabilities by correcting how the Microsoft browser and affected components handle objects in memory, how the Microsoft browser checks Same Origin Policy for scripts running inside Web Workers, and how scripting engines handle objects in memory. As it is publicly disclosed and is used by a great number of our customers, we would recommend this be a priority this month.

MS16-145 – An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. As it is publicly disclosed and is used by a great number of our customers, we would recommend this be a priority this month.

MS16-146 – This security update addresses the vulnerabilities by correcting how the Windows GDI component handles objects in memory.

MS16-154 – The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10, Internet Explorer 11, and Microsoft Edge.

The independent CVSS scores used in the table below range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are rated High, those in the range 4.0-6.9 Medium, and those in the range 0-3.9 Low.

| Number | Bulletin ID | Description | Impact | Restart Requirement | Publicly Disclosed | Exploited | Severity | CVSS Score |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 1 | MS16-144 | Cumulative Security Update for Internet Explorer (3204059). This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | Remote Code Execution | Yes | Yes | No | Critical | 9.3 |
| 2 | MS16-145 | Cumulative Security Update for Microsoft Edge (3204062). This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights. | Remote Code Execution | Yes | Yes | No | Critical | 9.3 |
| 3 | MS16-146 | Security Update for Microsoft Graphics Component (3204066). This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | Remote Code Execution | Yes | No | No | Critical | 9.3 |
| 4 | MS16-147 | Security Update for Microsoft Uniscribe (3204063). This security update resolves a vulnerability in Windows Uniscribe. The vulnerability could allow remote code execution if a user visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | Remote Code Execution | Yes | No | No | Critical | 9.3 |
| 5 | MS16-148 | Security Update for Microsoft Office (3204068). This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | Remote Code Execution | Maybe | No | No | Critical | 9.3 |
| 6 | MS16-149 | Security Update for Microsoft Windows (3205655). This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if a locally authenticated attacker runs a specially crafted application. | Elevation of Privilege | Yes | No | No | Important | 6.8 |
| 7 | MS16-150 | Security Update for Secure Kernel Mode (3205642). This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if a locally-authenticated attacker runs a specially crafted application on a targeted system. An attacker who successfully exploited the vulnerability could violate virtual trust levels (VTL). | Elevation of Privilege | Yes | No | No | Important | 6.8 |
| 8 | MS16-151 | Security Update for Windows Kernel-Mode Drivers (3205651). This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system. | Elevation of Privilege | Yes | No | No | Important | 7.2 |
| 9 | MS16-152 | Security Update for Windows Kernel (3199709). This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when the Windows kernel improperly handles objects in memory. | Information Disclosure | Yes | No | No | Important | 1.7 |
| 10 | MS16-153 | Security Update for Common Log File System Driver (3207328). This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to bypass security measures on the affected system allowing further exploitation. | Information Disclosure | Yes | No | No | Important | 7.2 |
| 11 | MS16-154 | Security Update for Adobe Flash Player (3209498). This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016. | Remote Code Execution | Yes | NA | NA | Critical | NA |
| 12 | MS16-155 | Security Update for .NET Framework (3205640). This security update resolves a vulnerability in Microsoft .NET 4.6.2 Framework’s Data Provider for SQL Server. A security vulnerability exists in Microsoft .NET Framework 4.6.2 that could allow an attacker to access information that is defended by the Always Encrypted feature. | Information Disclosure | Yes | Yes | No | Important | 2.1 |
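
As an added example (not code from this post or from the vendor's product), the Python sketch below applies the CVSS bands stated above to the rows of the bulletin table and orders them for triage. The ordering rule in `priority_key` and the handling of an `NA` score as worst case are assumptions made for this example, and all function names are hypothetical.

```python
from collections import namedtuple

# Constructed input: one entry per bulletin, copied from the table on this page
# (ID, publicly disclosed, exploited, vendor severity, CVSS score).
ROWS = (
    "MS16-144 Yes No Critical 9.3; MS16-145 Yes No Critical 9.3; MS16-146 No No Critical 9.3;"
    "MS16-147 No No Critical 9.3; MS16-148 No No Critical 9.3; MS16-149 No No Important 6.8;"
    "MS16-150 No No Important 6.8; MS16-151 No No Important 7.2; MS16-152 No No Important 1.7;"
    "MS16-153 No No Important 7.2; MS16-154 NA NA Critical NA; MS16-155 Yes No Important 2.1;"
)

SEVERITY_RANK = {"Critical": 0, "Important": 1, "Moderate": 2, "Low": 3}
Bulletin = namedtuple("Bulletin", "bulletin_id disclosed exploited severity cvss")

def parse(rows):
    flag = {"Yes": True, "No": False}  # anything else (NA) becomes None
    out = []
    for row in filter(None, (r.strip() for r in rows.split(";"))):
        bid, disclosed, exploited, severity, score = row.split()
        out.append(Bulletin(bid, flag.get(disclosed), flag.get(exploited), severity,
                            None if score == "NA" else float(score)))
    return out

def cvss_band(score):
    """Bands as stated in the post: 7.0-10.0 High, 4.0-6.9 Medium, 0-3.9 Low."""
    if score is None:
        return "Unscored"
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    return "High" if score >= 7.0 else "Medium" if score >= 4.0 else "Low"

def priority_key(b):
    # Assumed ordering, not the vendor's method: vendor severity first, then
    # exploited or publicly disclosed, then CVSS. An unscored bulletin counts
    # as 10.0 so a missing score cannot push a Critical update down the list.
    known = bool(b.exploited) or bool(b.disclosed)
    return (SEVERITY_RANK[b.severity], not known,
            -(10.0 if b.cvss is None else b.cvss), b.bulletin_id)

def triage(rows=ROWS):
    return [(b.bulletin_id, b.severity, cvss_band(b.cvss))
            for b in sorted(parse(rows), key=priority_key)]

if __name__ == "__main__":
    for entry in triage():
        print(*entry)
```

On these rows the first four results are MS16-144, MS16-145, MS16-154 and MS16-146, the same four bulletins singled out above. MS16-151 and MS16-153 pair an Important rating with a High CVSS band, which is why the two scales are kept as separate columns rather than merged.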

Get Started

Start a free, 14-day trial of Syxsense, which helps organizations from 50 to 10,000 endpoints monitor and manage their environment, all from just a web browser. An email will be automatically sent to the address you provide.
