November 2016 Microsoft Patch Day
Microsoft today released 13 bulletins (plus one bulletin from Adobe for Flash). 5 of the Microsoft bulletins, and the Adobe Flash bulletin are rated critical. There are a number of vulnerabilities that have either already been known, or have already been exploited:
MS16-129 and MS16-142 (Internet Explorer): An information disclosure (CVE-2016-7199) has already been publicly disclosed, but not been exploited yet. The vulnerability can leak information cross-origin. In addition there is a spoofing vulnerability that only affects Microsoft Edge that has been publicly disclosed ( CVE-2016-7209 ).
MS16-132 (Microsoft Graphics Component): This is yet another open type font issue (CVE-2016-7256). IT has already been exploited and I labeled this bulletin as "Patch Now" . The vulnerability can be used for remote code execution.
MS16-135 (Kernel Mode Drivers): A Win32k priviledge escalation vulnerability (CVE-2016-7255) has already been publicly disclosed and exploited. This one is a bit odd in that it sounds like what Google released as CVE-2016-7855. Trying to clarify if this is a typo.
Full details: https://isc.sans.edu/mspatchdays.html?viewday=2016-11-08
Note that Microsoft didn't use the first two bulletins for the usual Internet Explorer and Edge cumulative updates. Instead, the first bulletin (MS16-129) is used for Edge, and the last one (MS16-142) is used for Internet Explorer. The Flash update uses the next to last bulletin (MS16-141).
Application Security: Securing Web Apps, APIs, and Microservices | Washington | Dec 13th - Dec 18th 2024 |
Comments
curl -s https://isc.sans.edu/api/getmspatchday/2016-11-08?json
Anonymous
Nov 9th 2016
8 years ago
Anonymous
Nov 9th 2016
8 years ago
Anonymous
Nov 9th 2016
8 years ago
Anyone has an issue with MS16-132 pulling it up on WSUS?
I'm trying to push MS16-132 too all my workstations (windows 7), but when I pull up MS16-132 on my WSUS Server, the only patches showing are for Windows Server 2008. I don't see the patches for Windows 7.
Thanks...
Anonymous
Nov 10th 2016
8 years ago