August Patch Tuesday: Spear Phishing & Critical Updates

Today Microsoft released 9 bulletins in total, of which 5 are rated Critical and 4 are rated Important. Last week Microsoft also released 26 KB updates covering Office versions from 2007 (another junk mail filter update) all the way through to 2016.

Early last week we saw reports of an Iranian hacker group, who call themselves Rocket Kitty, gaining access to dozens of accounts on the secure messaging platform Telegram. Telegram is used by many journalists and activists and was previously famed for its high-end encryption; the compromise of Telegram accounts is now sparking fears that sensitive communications have been exposed.

“We have over a dozen cases in which Telegram accounts have been compromised, through ways that sound like basic coordination with the cellphone company,” said Collin Anderson, one of the security researchers behind the discovery.

Rumour has it that telecoms companies working closely with the government have been intercepting messages and passing them on to the hackers, which would allow them to set up the account on a second device. The hackers then went on to infiltrate other users' accounts using an attack vector called spear phishing. A Telegram spokesman said: “This is hardly a new threat. We’ve been increasingly warning our users in certain countries about it.”

What is spear phishing?

The aim of spear phishing is to trick people into handing over sensitive information using a spoofed email that appears to come from a person or business in their contact list. It is a much more targeted attack vector than ordinary phishing, where bulk mailers are used to blanket thousands of random users. That approach is far more haphazard, yet reports show that 23% of recipients open phishing mails; spear phishing takes the attacker's success rate to over 50%, highlighting the danger this strategy poses.
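One defensive check that follows from the definition above: a spoofed message usually borrows the display name of a known contact while the actual address, or its domain, differs. The Python below is an added example and not code from the original post; the contact list is constructed for illustration, and the look-alike threshold of two edits is an assumption you would tune for your own address book.

```python
import re
from email.utils import parseaddr

# Constructed address book for the example: lower-cased display name -> the
# address the recipient genuinely knows for that contact.
KNOWN_CONTACTS = {
    "alice example": "alice@example.com",
    "payroll team": "payroll@example.com",
}

def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot look-alike sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header: str, contacts=KNOWN_CONTACTS):
    """Return a list of warnings for a From: header; empty if nothing looks off.

    Two spear-phishing tells are checked: the display name belongs to a known
    contact but the address does not, and the address domain is within two
    edits of a known contact's domain (e.g. examp1e.com vs example.com).
    """
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    if "@" not in addr:
        return ["unparseable sender address"]
    name_key = re.sub(r"\s+", " ", name).strip().lower()
    domain = addr.split("@", 1)[1]
    warnings = []

    known = contacts.get(name_key)
    if known and known != addr:
        warnings.append(f"display name '{name}' is a known contact but address is {addr}, not {known}")

    known_domains = {a.split("@", 1)[1] for a in contacts.values()}
    for kd in known_domains:
        if domain != kd and _edit_distance(domain, kd) <= 2:
            warnings.append(f"sender domain {domain} is a look-alike of known domain {kd}")
    return warnings
```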

Attacks like this highlight the importance of locking down your devices using every viable means at your disposal.

James Rowney, Service Manager from Verismic, says: “I always lock down my devices using the highest possible encryption and strongly advise anyone reading this to do the same. Another recommendation which I feel is as, if not more, important is keeping applications and operating systems up to date. There is no better protected system than a fully patched system.”

Microsoft Updates

We have chosen a few updates from this Patch Tuesday to prioritize this month. This recommendation was made using evidence from industry experts (including our own), anticipated business impact and the independent CVSS score for each vulnerability.

1. MS16-095
2. MS16-096
3. MS16-102

MS16-095 – If the current user is logged on with administrative user rights, an attacker could take control of an affected system. The attacker could then install programs, change or delete data; or create new accounts with full user rights.

MS16-096 – The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.

MS16-102 – The vulnerability could allow remote code execution if a user views specially crafted PDF content online or opens a specially crafted PDF document. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The independent CVSS scores used in the table below range from 0 to 10. Vulnerabilities with a base score in the range 7.0-10.0 are rated High, those in the range 4.0-6.9 Medium, and those in the range 0-3.9 Low.

| Bulletin ID | Description | Impact | Restart Requirement | Severity | CVSS Score |
|---|---|---|---|---|---|
| MS16-095 | Cumulative Security Update for Internet Explorer (3177356). This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | Remote Code Execution | Requires restart | Critical | 9.3 |
| MS16-096 | Cumulative Security Update for Microsoft Edge (3177358). This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights. | Remote Code Execution | Requires restart | Critical | 9.3 |
| MS16-097 | Security Update for Microsoft Graphics Component (3177393). This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, and Microsoft Lync. The most severe of the vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | Remote Code Execution | May require restart | Critical | 9.3 |
| MS16-098 | Security Update for Windows Kernel-Mode Drivers (3178466). This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system. | Elevation of Privilege | Requires restart | Important | 7.2 |
| MS16-099 | Security Update for Microsoft Office (3177451). This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. | Remote Code Execution | May require restart | Critical | 9.3 |
| MS16-100 | Security Update for Secure Boot (3179577). This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker installs a policy affected by the vulnerability onto a target device. | Security Feature Bypass | Does not require restart | Important | 1.7 |
| MS16-101 | Security Update for Windows Authentication Methods (3178465). This security update resolves multiple vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application on a domain-joined system. | Elevation of Privilege | Requires restart | Important | 4.3 |
| MS16-102 | Security Update for Microsoft Windows PDF Library (3182248). This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views specially crafted PDF content online or opens a specially crafted PDF document. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | Remote Code Execution | May require restart | Critical | 9.3 |
| MS16-103 | Security Update for ActiveSync Provider (3182332). This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when Universal Outlook fails to establish a secure connection. | Information Disclosure | Requires restart | Important | 5.0 |