My next class:
Network Monitoring and Threat Detection In-DepthSingaporeNov 18th - Nov 23rd 2024

Microsoft Patch Tuesday Summary for July 2016

Published: 2016-07-12. Last Updated: 2016-07-12 17:17:07 UTC
by Johannes Ullrich (Version: 1)
7 comment(s)

As usual for the second Tuesday fo the month, Microsoft today released its monthly security updates. Microsoft released a total of 11 bulletins. 6 are rated critical, and the remaining five are rated important.

One of the Bulletins (MS16-093) affects Adobe's Flash player and is a copy of Adobe's advisory.

None of the bulletins stick out as "special". There are no bulletins that affect vulnerabilities for which exploits have been observed. But two bulletins included already known vulnerabilities:

CVE-2016-3287 , a vulnerability in Secure Boot.
CVE-2016-3272 , an information disclosure vulnerability in the Windows Kernel.

 

I don't consider either vulnerability very serious.

As far as prioritizing the patches go, I would as usual attend to the Internet Explorer, Edge, Flash and Office patches first.

The printer spool issue is "interesting". An attacker could use the vulnerability to install arbitrary print drivers, which of course would lead to arbitrary code execution. As a workaround, Microsoft suggests that you do restrict printer that your users can use to print. This sounds like a good control, and you should use this vulnerability to make sure the printer configurations are sufficiently adjusted.

For a full list of Bulletins, see our summary here. If you prefer a more structured view, you can also retrieve the bulletin data via our API here.

---

Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

7 comment(s)
My next class:
Network Monitoring and Threat Detection In-DepthSingaporeNov 18th - Nov 23rd 2024

Comments

Johannes,

Interesting write up on the MS16-087 issue here:

http://blog.vectranetworks.com/blog/microsoft-windows-printer-wateringhole-attack
Here the July/12/2016 patch has been disastrous. All of our computers running W10 never completed the patch and cpu/disk activity is pegged close to 100%. Moving a mouse or typing is tediously slow, since this morning we haven't done anything with our computers.

I don't know if this is due to high demand or something else but Microsoft is back with their clusterf*ck updates. Our next move is to delete all the files in the "Softwaredistribution" directory and try again or to disable internet access and don't let windows try to update and ruin our day with a slow computer.

I wonder if more people have the same problems as we do.
[quote=comment#37397]Here the July/12/2016 patch has been disastrous. All of our computers running W10 never completed the patch and cpu/disk activity is pegged close to 100%. Moving a mouse or typing is tediously slow, since this morning we haven't done anything with our computers.

I don't know if this is due to high demand or something else but Microsoft is back with their clusterf*ck updates. Our next move is to delete all the files in the "Softwaredistribution" directory and try again or to disable internet access and don't let windows try to update and ruin our day with a slow computer.

I wonder if more people have the same problems as we do.[/quote]

Some sage advise, use 1 client in parallel for updates before poisoning the entire network. Or, wait a few days for any fallout.
Hi Guys,

I've noticed you have the CVE (2016-3287) for the MS16-094 (Secure Boot), listed next to MS16-093, instead of the actual list of Adobe CVEs (CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4182, CVE-2016-4188, CVE-2016-4185, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249)


It would be nice if you could correct :)
I did updates on my Windows servers yesterday and they appear to have caused some issues with Excel files. We download files from one of our customers that contain order information. This morning when opening one of the files, Excel acts as if the file will not open. (Excel starts but the file is blank.) When I right click on the file it says that it is “Blocked”. I click on unblock and now I can open the file. I have found several articles talking about this but no one has found a way to fix the issue. I found one article that says uninstalling “KB3115262 MS16-088: Description of the security update for Excel 2013: July 12, 2016” has fixed the issue. Anyone else experienced that?
I did updates on my Windows servers yesterday and they appear to have caused some issues with Excel files. We download files from one of our customers that contain order information. This morning when opening one of the files, Excel acts as if the file will not open. (Excel starts but the file is blank.) When I right click on the file it says that it is “Blocked”. I click on unblock and now I can open the file. I have found several articles talking about this but no one has found a way to fix the issue. I found one article that says uninstalling “KB3115262 MS16-088: Description of the security update for Excel 2013: July 12, 2016” has fixed the issue. Anyone else experienced that?
Hi Deborah
We're having similar problems. The export to Excel button on our Oracle/PeopleSoft system is broken. The only fixes we've found so far are to disable Protected View in Excel or to uninstall the patch. Neither are good ideas...
John

Diary Archives