Microsoft Patches Fix Zero Days

Friday, November 11, 2016 @ 05:11 PM gHale

Microsoft released its Patch Tuesday offerings this month for Windows, Office, Edge, Internet Explorer and SQL Server.

Of the 68 patched vulnerabilities, two of them have already undergone exploitation by attackers and three ended up publicly disclosed.

EMET Going Away in 2018
Windows Zero Day in Play
APT Jumps on Windows Zero Day
Network Device Threats, Mitigations

The patches are in 14 security bulletins, one dedicated to Adobe Flash Player which is upgraded through Windows Update in Windows 10 and 8.1. Six of the bulletins are critical and eight are important.

Administrators should prioritize the Windows patches in the MS16-135 bulletin, because it deals with a Zero Day vulnerability undergoing exploitation by a group of attackers known in the security industry as Fancy Bear, APT28 or Strontium.

The vulnerability, tracked as CVE-2016-7255, was publicly disclosed by Google last week, only 10 days after notifying Microsoft about it.

Google gives vendors only seven days to fix vulnerabilities or to publish mitigation advice if those flaws end up exploited in active attacks.

Another Windows security bulletin that should receive notice from users is MS16-132.

It is critical and fixes multiple remote code execution vulnerabilities, including another Zero Day flaw already being exploited by attackers.

The vulnerability is in the Windows font library and can end up exploited through specially crafted fonts embedded into websites or documents. Successful exploitation allows attackers to take full control of the affected systems, Microsoft said in the security bulletin.

Three other critical vulnerabilities in Internet Explorer and Edge ended up publicly disclosed before being patched. However, according to Microsoft they haven’t been exploited in attacks yet.

The Office security bulletin, MS16-133, is important, but covers remote code execution vulnerabilities that can undergo exploitation through specially crafted documents.

Microsoft SQL Server administrators should look at the MS16-136 bulletin which covers vulnerabilities in the RDBMS engine, MDS API, SQL Analysis Services and the SQL Server Agent.

Leave a Reply

You must be logged in to post a comment.