Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
ISC Stormcast For Wednesday, November 9th 2016

November 2016 Microsoft Patch Day

Published: 2016-11-08
Last Updated: 2016-11-08 23:27:31 UTC
by Johannes Ullrich (Version: 1)
4 comment(s)

Microsoft today released 13 bulletins (plus one bulletin from Adobe for Flash). 5 of the Microsoft bulletins, and the Adobe Flash bulletin are rated critical. There are a number of vulnerabilities that have either already been known, or have already been exploited:

MS16-129 and MS16-142 (Internet Explorer): An information disclosure (CVE-2016-7199) has already been publicly disclosed, but not been exploited yet. The vulnerability can leak information cross-origin. In addition there is a spoofing vulnerability that only affects Microsoft Edge that has been publicly disclosed ( CVE-2016-7209 ).

MS16-132 (Microsoft Graphics Component): This is yet another open type font issue (CVE-2016-7256). IT has already been exploited and I labeled this bulletin as "Patch Now" . The vulnerability can be used for remote code execution.

MS16-135 (Kernel Mode Drivers): A Win32k priviledge escalation vulnerability (CVE-2016-7255) has already been publicly disclosed and exploited. This one is a bit odd in that it sounds like what Google released as CVE-2016-7855. Trying to clarify if this is a typo. 

Full details:

Note that Microsoft didn't use the first two bulletins for the usual Internet Explorer and Edge cumulative updates. Instead, the first bulletin (MS16-129) is used for Edge, and the last one (MS16-142) is used for Internet Explorer. The Flash update uses the next to last bulletin (MS16-141). 



Johannes B. Ullrich, Ph.D.

4 comment(s)
ISC Stormcast For Tuesday, November 8th 2016
Diary Archives