
SANS ISC: November 2016 Microsoft Patch Day - SANS Internet Storm Center SANS ISC InfoSec Forums

November 2016 Microsoft Patch Day

Microsoft today released 13 bulletins (plus one bulletin from Adobe for Flash). Five of the Microsoft bulletins and the Adobe Flash bulletin are rated critical. A number of the vulnerabilities were either already publicly known or have already been exploited:

MS16-129 and MS16-142 (Internet Explorer): An information disclosure vulnerability (CVE-2016-7199) has already been publicly disclosed but has not been exploited yet. The vulnerability can leak information cross-origin. In addition, a spoofing vulnerability that affects only Microsoft Edge has been publicly disclosed (CVE-2016-7209).

MS16-132 (Microsoft Graphics Component): This is yet another OpenType font issue (CVE-2016-7256). It has already been exploited, and I labeled this bulletin as "Patch Now". The vulnerability can be used for remote code execution.

MS16-135 (Kernel Mode Drivers): A Win32k privilege escalation vulnerability (CVE-2016-7255) has already been publicly disclosed and exploited. This one is a bit odd in that it sounds like what Google released as CVE-2016-7855. Trying to clarify if this is a typo.

Full details:

Note that Microsoft didn't use the first two bulletins for the usual Internet Explorer and Edge cumulative updates. Instead, the first bulletin (MS16-129) is used for Edge, and the last one (MS16-142) is used for Internet Explorer. The Flash update uses the next-to-last bulletin (MS16-141).



Johannes B. Ullrich, Ph.D.



4473 Posts
ISC Handler
Nov 8th 2016
I'm having issues with pulling the JSON format of the MS Patch Tuesday API. "Binary garbage" seems to be returning. The XML format works well.

curl -s

11 Posts
I think you are getting the gzipped response for some reason. I have to look back to see what the reason was for that again.

4473 Posts
ISC Handler
Links to CVEs don't work.

19 Posts
Does anyone have an issue pulling up MS16-132 on WSUS?
I'm trying to push MS16-132 to all my workstations (Windows 7), but when I pull up MS16-132 on my WSUS server, the only patches showing are for Windows Server 2008. I don't see the patches for Windows 7.
1 Posts
