Microsoft Patch Tuesday Summary for July 2016

Microsoft Patch Tuesday Summary for July 2016
As usual for the second Tuesday fo the month, Microsoft today released its monthly security updates. Microsoft released a total of 11 bulletins. 6 are rated critical, and the remaining five are rated important. One of the Bulletins (MS16-093) affects Adobe's Flash player and is a copy of Adobe's advisory. None of the bulletins stick out as "special". There are no bulletins that affect vulnerabilities for which exploits have been observed. But two bulletins included already known vulnerabilities: CVE-2016-3287 , a vulnerability in Secure Boot. CVE-2016-3272 , an information disclosure vulnerability in the Windows Kernel. I don't consider either vulnerability very serious. As far as prioritizing the patches go, I would as usual attend to the Internet Explorer, Edge, Flash and Office patches first. The printer spool issue is "interesting". An attacker could use the vulnerability to install arbitrary print drivers, which of course would lead to arbitrary code execution. As a workaround, Microsoft suggests that you do restrict printer that your users can use to print. This sounds like a good control, and you should use this vulnerability to make sure the printer configurations are sufficiently adjusted. For a full list of Bulletins, see our summary here. If you prefer a more structured view, you can also retrieve the bulletin data via our API here. --- Johannes B. Ullrich, Ph.D. STI\|Twitter\|LinkedIn I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANS London June 2022	Johannes 4473 Posts ISC Handler Jul 12th 2016
Thread locked Subscribe	Jul 12th 2016 5 years ago
Johannes, Interesting write up on the MS16-087 issue here: http://blog.vectranetworks.com/blog/microsoft-windows-printer-wateringhole-attack	Anonymous
Quote	Jul 12th 2016 5 years ago
Here the July/12/2016 patch has been disastrous. All of our computers running W10 never completed the patch and cpu/disk activity is pegged close to 100%. Moving a mouse or typing is tediously slow, since this morning we haven't done anything with our computers. I don't know if this is due to high demand or something else but Microsoft is back with their clusterf*ck updates. Our next move is to delete all the files in the "Softwaredistribution" directory and try again or to disable internet access and don't let windows try to update and ruin our day with a slow computer. I wonder if more people have the same problems as we do.	Anonymous
Quote	Jul 13th 2016 5 years ago
Quoting Anonymous:Here the July/12/2016 patch has been disastrous. All of our computers running W10 never completed the patch and cpu/disk activity is pegged close to 100%. Moving a mouse or typing is tediously slow, since this morning we haven't done anything with our computers. I don't know if this is due to high demand or something else but Microsoft is back with their clusterf*ck updates. Our next move is to delete all the files in the "Softwaredistribution" directory and try again or to disable internet access and don't let windows try to update and ruin our day with a slow computer. I wonder if more people have the same problems as we do. Some sage advise, use 1 client in parallel for updates before poisoning the entire network. Or, wait a few days for any fallout.	ICI2I 63 Posts
Quote	Jul 13th 2016 5 years ago
Hi Guys, I've noticed you have the CVE (2016-3287) for the MS16-094 (Secure Boot), listed next to MS16-093, instead of the actual list of Adobe CVEs (CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4182, CVE-2016-4188, CVE-2016-4185, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249) It would be nice if you could correct :)	Anonymous
Quote	Jul 13th 2016 5 years ago
I did updates on my Windows servers yesterday and they appear to have caused some issues with Excel files. We download files from one of our customers that contain order information. This morning when opening one of the files, Excel acts as if the file will not open. (Excel starts but the file is blank.) When I right click on the file it says that it is “Blocked”. I click on unblock and now I can open the file. I have found several articles talking about this but no one has found a way to fix the issue. I found one article that says uninstalling “KB3115262 MS16-088: Description of the security update for Excel 2013: July 12, 2016” has fixed the issue. Anyone else experienced that?	Deborah 279 Posts ISC Handler
Quote	Aug 1st 2016 5 years ago
I did updates on my Windows servers yesterday and they appear to have caused some issues with Excel files. We download files from one of our customers that contain order information. This morning when opening one of the files, Excel acts as if the file will not open. (Excel starts but the file is blank.) When I right click on the file it says that it is “Blocked”. I click on unblock and now I can open the file. I have found several articles talking about this but no one has found a way to fix the issue. I found one article that says uninstalling “KB3115262 MS16-088: Description of the security update for Excel 2013: July 12, 2016” has fixed the issue. Anyone else experienced that?	Deborah 279 Posts ISC Handler
Quote	Aug 1st 2016 5 years ago
Hi Deborah We're having similar problems. The export to Excel button on our Oracle/PeopleSoft system is broken. The only fixes we've found so far are to disable Protected View in Excel or to uninstall the patch. Neither are good ideas... John	John 88 Posts
Quote	Aug 2nd 2016 5 years ago

As usual for the second Tuesday fo the month, Microsoft today released its monthly security updates. Microsoft released a total of 11 bulletins. 6 are rated critical, and the remaining five are rated important.

One of the Bulletins (MS16-093) affects Adobe's Flash player and is a copy of Adobe's advisory.

None of the bulletins stick out as "special". There are no bulletins that affect vulnerabilities for which exploits have been observed. But two bulletins included already known vulnerabilities:

CVE-2016-3287 , a vulnerability in Secure Boot.
CVE-2016-3272 , an information disclosure vulnerability in the Windows Kernel.

I don't consider either vulnerability very serious.

As far as prioritizing the patches go, I would as usual attend to the Internet Explorer, Edge, Flash and Office patches first.

The printer spool issue is "interesting". An attacker could use the vulnerability to install arbitrary print drivers, which of course would lead to arbitrary code execution. As a workaround, Microsoft suggests that you do restrict printer that your users can use to print. This sounds like a good control, and you should use this vulnerability to make sure the printer configurations are sufficiently adjusted.

For a full list of Bulletins, see our summary here. If you prefer a more structured view, you can also retrieve the bulletin data via our API here.

---

Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANS London June 2022

Johannes

4473 Posts
ISC Handler

Jul 12th 2016

Johannes,

Interesting write up on the MS16-087 issue here:

http://blog.vectranetworks.com/blog/microsoft-windows-printer-wateringhole-attack

Anonymous

Here the July/12/2016 patch has been disastrous. All of our computers running W10 never completed the patch and cpu/disk activity is pegged close to 100%. Moving a mouse or typing is tediously slow, since this morning we haven't done anything with our computers.

I don't know if this is due to high demand or something else but Microsoft is back with their clusterf*ck updates. Our next move is to delete all the files in the "Softwaredistribution" directory and try again or to disable internet access and don't let windows try to update and ruin our day with a slow computer.

I wonder if more people have the same problems as we do.

Anonymous

Quoting Anonymous:Here the July/12/2016 patch has been disastrous. All of our computers running W10 never completed the patch and cpu/disk activity is pegged close to 100%. Moving a mouse or typing is tediously slow, since this morning we haven't done anything with our computers.

I don't know if this is due to high demand or something else but Microsoft is back with their clusterf*ck updates. Our next move is to delete all the files in the "Softwaredistribution" directory and try again or to disable internet access and don't let windows try to update and ruin our day with a slow computer.

I wonder if more people have the same problems as we do.

Some sage advise, use 1 client in parallel for updates before poisoning the entire network. Or, wait a few days for any fallout.

ICI2I

63 Posts

Hi Guys,

I've noticed you have the CVE (2016-3287) for the MS16-094 (Secure Boot), listed next to MS16-093, instead of the actual list of Adobe CVEs (CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4182, CVE-2016-4188, CVE-2016-4185, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249)

It would be nice if you could correct :)

Anonymous

I did updates on my Windows servers yesterday and they appear to have caused some issues with Excel files. We download files from one of our customers that contain order information. This morning when opening one of the files, Excel acts as if the file will not open. (Excel starts but the file is blank.) When I right click on the file it says that it is “Blocked”. I click on unblock and now I can open the file. I have found several articles talking about this but no one has found a way to fix the issue. I found one article that says uninstalling “KB3115262 MS16-088: Description of the security update for Excel 2013: July 12, 2016” has fixed the issue. Anyone else experienced that?

Deborah

279 Posts
ISC Handler

I did updates on my Windows servers yesterday and they appear to have caused some issues with Excel files. We download files from one of our customers that contain order information. This morning when opening one of the files, Excel acts as if the file will not open. (Excel starts but the file is blank.) When I right click on the file it says that it is “Blocked”. I click on unblock and now I can open the file. I have found several articles talking about this but no one has found a way to fix the issue. I found one article that says uninstalling “KB3115262 MS16-088: Description of the security update for Excel 2013: July 12, 2016” has fixed the issue. Anyone else experienced that?

Deborah

279 Posts
ISC Handler

Hi Deborah
We're having similar problems. The export to Excel button on our Oracle/PeopleSoft system is broken. The only fixes we've found so far are to disable Protected View in Excel or to uninstall the patch. Neither are good ideas...
John

John

88 Posts