As usual for the second Tuesday fo the month, Microsoft today released its monthly security updates. Microsoft released a total of 11 bulletins. 6 are rated critical, and the remaining five are rated important. One of the Bulletins (MS16-093) affects Adobe's Flash player and is a copy of Adobe's advisory. None of the bulletins stick out as "special". There are no bulletins that affect vulnerabilities for which exploits have been observed. But two bulletins included already known vulnerabilities: CVE-2016-3287 , a vulnerability in Secure Boot.
I don't consider either vulnerability very serious. As far as prioritizing the patches go, I would as usual attend to the Internet Explorer, Edge, Flash and Office patches first. The printer spool issue is "interesting". An attacker could use the vulnerability to install arbitrary print drivers, which of course would lead to arbitrary code execution. As a workaround, Microsoft suggests that you do restrict printer that your users can use to print. This sounds like a good control, and you should use this vulnerability to make sure the printer configurations are sufficiently adjusted. For a full list of Bulletins, see our summary here. If you prefer a more structured view, you can also retrieve the bulletin data via our API here. --- Johannes B. Ullrich, Ph.D. |
Johannes 4037 Posts ISC Handler Jul 12th 2016 |
Thread locked Subscribe |
Jul 12th 2016 4 years ago |
Johannes,
Interesting write up on the MS16-087 issue here: http://blog.vectranetworks.com/blog/microsoft-windows-printer-wateringhole-attack |
Anonymous |
Quote |
Jul 12th 2016 4 years ago |
Here the July/12/2016 patch has been disastrous. All of our computers running W10 never completed the patch and cpu/disk activity is pegged close to 100%. Moving a mouse or typing is tediously slow, since this morning we haven't done anything with our computers.
I don't know if this is due to high demand or something else but Microsoft is back with their clusterf*ck updates. Our next move is to delete all the files in the "Softwaredistribution" directory and try again or to disable internet access and don't let windows try to update and ruin our day with a slow computer. I wonder if more people have the same problems as we do. |
Anonymous |
Quote |
Jul 13th 2016 4 years ago |
Quoting Anonymous:Here the July/12/2016 patch has been disastrous. All of our computers running W10 never completed the patch and cpu/disk activity is pegged close to 100%. Moving a mouse or typing is tediously slow, since this morning we haven't done anything with our computers. Some sage advise, use 1 client in parallel for updates before poisoning the entire network. Or, wait a few days for any fallout. |
ICI2I 63 Posts |
Quote |
Jul 13th 2016 4 years ago |
Hi Guys,
I've noticed you have the CVE (2016-3287) for the MS16-094 (Secure Boot), listed next to MS16-093, instead of the actual list of Adobe CVEs (CVE-2016-4173, CVE-2016-4174, CVE-2016-4175, CVE-2016-4176, CVE-2016-4177, CVE-2016-4178, CVE-2016-4179, CVE-2016-4182, CVE-2016-4188, CVE-2016-4185, CVE-2016-4222, CVE-2016-4223, CVE-2016-4224, CVE-2016-4225, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, CVE-2016-4232, CVE-2016-4247, CVE-2016-4248, CVE-2016-4249) It would be nice if you could correct :) |
Anonymous |
Quote |
Jul 13th 2016 4 years ago |
I did updates on my Windows servers yesterday and they appear to have caused some issues with Excel files. We download files from one of our customers that contain order information. This morning when opening one of the files, Excel acts as if the file will not open. (Excel starts but the file is blank.) When I right click on the file it says that it is “Blocked”. I click on unblock and now I can open the file. I have found several articles talking about this but no one has found a way to fix the issue. I found one article that says uninstalling “KB3115262 MS16-088: Description of the security update for Excel 2013: July 12, 2016” has fixed the issue. Anyone else experienced that?
|
Deborah 279 Posts ISC Handler |
Quote |
Aug 1st 2016 4 years ago |
I did updates on my Windows servers yesterday and they appear to have caused some issues with Excel files. We download files from one of our customers that contain order information. This morning when opening one of the files, Excel acts as if the file will not open. (Excel starts but the file is blank.) When I right click on the file it says that it is “Blocked”. I click on unblock and now I can open the file. I have found several articles talking about this but no one has found a way to fix the issue. I found one article that says uninstalling “KB3115262 MS16-088: Description of the security update for Excel 2013: July 12, 2016” has fixed the issue. Anyone else experienced that?
|
Deborah 279 Posts ISC Handler |
Quote |
Aug 1st 2016 4 years ago |
Hi Deborah
We're having similar problems. The export to Excel button on our Oracle/PeopleSoft system is broken. The only fixes we've found so far are to disable Protected View in Excel or to uninstall the patch. Neither are good ideas... John |
John 88 Posts |
Quote |
Aug 2nd 2016 4 years ago |
Sign Up for Free or Log In to start participating in the conversation!