Apple Patches Everything
And to not be outdone by Microsoft and Adobe, Apple just released patches for:
iOS 9.2
A total of 50 vulnerabilities (CVE IDs) are addressed. About 10 of them affect WebKit and may lead to arbitrary code execution by visiting a malicious website. There are a large number of additional remote code execution vulnerabilities in various iOS components that are patched.
watchOS 2.1
A lot of overlap with patches released for iOS, but no WebKit issues as watchOS does not include a browser.
Xcode 7.2
Updates to git, otools and IDE SCM. The git update fixes a number of vulnerabilities that have been known (and fixed) in the open source software for a while.
OS X 10.11.2 (and Security Update 2015-008 for Mavericks and Yosemite)
Updates to various open source packages (libressl, OpenSSH, libxml2 and others). Also improvements to some hardware drivers (e.g. Thunderbolt).
Safari 9.0.2
Fixes WebKit issues for Yosemite, Mavericks and El Capitan.
tvOS
This affects the just released 4th generation Apple TV and addresses similar vulnerabilities as the new version of iOS.
Details can be found as usual here: https://support.apple.com/en-us/HT201222
Adobe Flash Update
As usual, Adobe is joining Microsoft on Patch Tuesday. So far there is only one bulletin, APSB15-32, with a patch for Adobe Flash Player. It fixes a total of 77 vulnerabilities (if I counted right...).
[1] https://helpx.adobe.com/security/products/flash-player/apsb15-32.html
December 2015 Microsoft Patch Tuesday
Special Note: MS15-127 looks particularly "nasty": a remote code execution vulnerability in Microsoft's DNS server. Microsoft rates the exploitability as "2", but doesn't provide many details as to the nature of the vulnerability other than the fact that it can be triggered by remote DNS requests, which is bad news, in particular if you are using a Microsoft DNS server exposed to the public internet. In this case, I would certainly expedite this patch. This is the vulnerability to look out for this time around.
Overview of the December 2015 Microsoft patches and their status.
# | Bulletin | Affected | Contra Indications - KB | Known Exploits | Microsoft rating(**) | ISC rating(*): clients | ISC rating(*): servers
---|---|---|---|---|---|---|---
MS15-124 | Cumulative Security Update for Internet Explorer (Replaces MS15-124) | Internet Explorer CVE-2015-6083, CVE-2015-6134, CVE-2015-6135, CVE-2015-6136, CVE-2015-6138, CVE-2015-6139, CVE-2015-6140, CVE-2015-6141, CVE-2015-6142, CVE-2015-6143, CVE-2015-6144, CVE-2015-6145, CVE-2015-6146, CVE-2015-6147, CVE-2015-6148, CVE-2015-6149, CVE-2015-6150, CVE-2015-6151, CVE-2015-6152, CVE-2015-6153, CVE-2015-6154, CVE-2015-6155, CVE-2015-6156, CVE-2015-6157, CVE-2015-6158, CVE-2015-6159, CVE-2015-6160, CVE-2015-6161, CVE-2015-6162, CVE-2015-6162 | KB 3116180 | no. | Severity: Critical, Exploitability: 1-4 | Critical | Critical
MS15-125 | Cumulative Security Update for Microsoft Edge (Replaces MS15-112) | Microsoft Edge CVE-2015-6139 CVE-2015-6140, CVE-2015-6142, CVE-2015-6148, CVE-2015-6151, CVE-2015-6153, CVE-2015-6154, CVE-2015-6155, CVE-2015-6158, CVE-2015-6159, CVE-2015-6161, CVE-2015-6168, CVE-2015-6169, CVE-2015-6170, CVE-2015-6176 | KB 3116184 | no. | Severity: Critical, Exploitability: 1-4 | Critical | Critical
MS15-126 | Cumulative Security Update for JScript and VBScript (Replaces MS15-066) | JScript/VBScript (IE8, Vista and 2008 only) CVE-2015-6135 CVE-2015-6136 | KB 3116178 | no. | Severity: Critical, Exploitability: 2,1 | Critical | Critical
MS15-127 | Remote Code Execution in Microsoft Windows DNS (Replaces MS12-017) | Microsoft DNS Server CVE-2015-6125 | KB 3100465 | no. | Severity: Critical, Exploitability: 2 | N/A | Critical
MS15-128 | Remote Code Execution Vulnerability in Microsoft Graphics Component (Replaces MS15-115) | various components (.Net, Lync, Silverlight, Skype..) CVE-2015-6106 CVE-2015-6107 CVE-2015-6108 | KB 3104503 | no. | Severity: Critical, Exploitability: 1,1,1 | Critical | Critical
MS15-129 | Remote Code Execution in Microsoft Silverlight (Replaces MS15-080) | Silverlight CVE-2015-6114 CVE-2015-6165 CVE-2015-6166 | KB 3106614 | no. | Severity: Critical, Exploitability: 2,2,1 | Critical | Important
MS15-130 | Remote Code Execution in Microsoft Uniscribe (Replaces MS14-036) | Uniscribe CVE-2015-6130 | KB 3108670 | no. | Severity: Critical, Exploitability: 3 | Critical | Important
MS15-131 | Remote Code Execution Vulnerability in Microsoft Office (Replaces MS15-116) | Office CVE-2015-6040 CVE-2015-6118 CVE-2015-6122 CVE-2015-6124 CVE-2015-6172 CVE-2015-6177 | KB 3116111 | no. | Severity: Critical, Exploitability: 1,1,1,1,1,1 | Critical | Important
MS15-132 | Remote Code Execution in Microsoft Windows (Replaces MS15-122 MS15-115) | Windows CVE-2015-6128 CVE-2015-6132 CVE-2015-6133 | KB 3116162 | no. | Severity: Important, Exploitability: 2,2,2 | Critical | Important
MS15-133 | Privilege Escalation Vulnerability in Windows PGM | Microsoft Message Queuing (MSMQ) CVE-2015-6126 | KB 3116130 | no. | Severity: Important, Exploitability: 2 | Important | Important
MS15-134 | Remote Code Execution in Windows Media Center (Replaces MS15-100) | Windows Media Center CVE-2015-6127 CVE-2015-6131 | KB 3108669 | no. | Severity: Important, Exploitability: 2,2 | Critical | Important
MS15-135 | Privilege Elevation Vulnerability in Windows Kernel-Mode Drivers (Replaces MS15-122 MS15-115) | Kernel-Mode Drivers (Library Loading) CVE-2015-6171 CVE-2015-6173 CVE-2015-6174 CVE-2015-6175 | KB 3119075 | yes (CVE-2015-6175). | Severity: Important, Exploitability: 1,1,1,4 | Important | Important
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
- We use 4 levels:
- PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
- Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
- Important: Things where more testing and other measures can help.
- Less Urt practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
- The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.
Patch Tuesday Warmup: Internet Explorer Sunset and Windows XP Embedded End of Support
As we are waiting for the Microsoft Santa to slide down our Data Center air conditioning duct later today to deliver a delicious package of patches (did you leave some floppy disks and a can of red bull out for him?), we got a couple other announcements from Microsoft that should not be overlooked:
- January will be the last month Microsoft will provide updates for any Internet Explorer version other than Internet Explorer 11! Even Internet Explorer 10 will no longer be supported after January patch Tuesday (January 12th, 2016).
- Support will also end for Windows XP Embedded. This will also make it more difficult for other Windows XP left-overs that tricked their version to use the Embedded updates. But nobody should be running XP anyway (right?).
- Still running Windows 7 or 8.1 (sure way to stay on MSFT Santa's "naughty" list)? Rumor has it that with today's patch Tuesday, Microsoft may re-enable the auto-upgrade to Windows 10. You may flip the switch back to not update, but it will set itself to "on" once a day.
[1] https://www.microsoft.com/en-us/WindowsForBusiness/End-of-IE-support
[2] https://support.microsoft.com/en-us/lifecycle/search/default.aspx?=&alpha=Windows%20XP
[3] http://www.computerworld.com/article/3012278/microsoft-windows/microsoft-sets-stage-for-massive-windows-10-upgrade-strategy.html#tk.rss_all