Patch Analysis for November 2016

Welcome to the November Patch Tuesday bulletin. Keep in mind that Microsoft has changed its patching model for IE and Windows patches. Patches are now cumulative updates for the operating system, so the focus should be on testing the update for the OS and deploying it as quickly as possible.

Two vulnerabilities were attacked in the wild: CVE-2016-7255 and CVE-2016-7256. CVE-2016-7255 is an elevation of privilege vulnerability that Microsoft notes as being protected by new exploit mitigations in the Windows 10 Anniversary Update. CVE-2016-7256 is a remote code execution vulnerability that could be exploited by malicious embedded fonts.

Adobe Flash is updated with MS16-141, which remediates 9 vulnerabilities. This update will be an important one to deploy and is available via the Microsoft Update Catalog or Windows Update.


| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
|---|---|---|---|---|---|---|---|---|
| MS16-140 (3193479) | Security feature bypass / Microsoft Windows | Workstations, Servers | No/No | No | Important | Server 2012, Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10, Server 2016 | Requires restart | Update after testing |
| MS16-134 (3193706) | Privilege elevation / Microsoft Windows | Workstations, Terminal Servers, Servers | No/No | No | Important | Vista, Server 2008, Server 2008 R2, Windows 7, Server 2012, Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10, Server 2016 | Multiple vulnerabilities, requires restart | Update after testing |
| MS16-142 (3198467) | Arbitrary code / Internet Explorer | Workstations, Servers | No/No | No | Critical | Internet Explorer 9, Internet Explorer 10, Internet Explorer 11 | Multiple vulnerabilities, requires restart | Update immediately |
| MS16-129 (3199057) | Arbitrary code / Microsoft Edge | Workstations, Terminal Servers | No/No | No | Critical | Windows 10, Edge | Multiple vulnerabilities, requires restart | Update immediately |
| MS16-132 (3199120) | Arbitrary code / Microsoft Windows | Workstations, Terminal Servers, Servers | No/Yes | Yes | Critical | Vista, Server 2008, Server 2008 R2, Windows 7, Server 2012, Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10, Server 2016 | Multiple vulnerabilities, requires restart | Update immediately |
| MS16-135 (3199135) | Privilege elevation / Microsoft Windows | Workstations, Terminal Servers, Servers | No/Yes | No | Important | Vista, Server 2008, Server 2008 R2, Windows 7, Server 2012, Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10, Server 2016 | Multiple vulnerabilities, requires restart | Update after testing |
| MS16-131 (3199151) | Arbitrary code / Microsoft Windows | Workstations, Terminal Servers | No/No | No | Critical | Vista, Windows 7, Windows 8.1, Windows RT 8.1, Windows 10 | Requires restart | Update immediately |
| MS16-133 (3199168) | Arbitrary code / Microsoft Office | Workstations, Terminal Servers, Servers, SharePoint Servers | No/No | No | Important | Office 2007, Office 2010, Office 2011 for Mac, Office Web Apps 2010, SharePoint Server 2010, SharePoint Server 2013, Office 2013 RT, Office 2013, Office 2016 for Mac, Office 2016, Office Web Apps 2013 | Multiple vulnerabilities, requires restart | Update after testing |
| MS16-130 (3199172) | Arbitrary code / Microsoft Windows | Workstations, Terminal Servers, Servers | No/No | No | Critical | Vista, Server 2008, Server 2008 R2, Windows 7, Server 2012, Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10, Server 2016 | Multiple vulnerabilities, requires restart | Update immediately |
| MS16-137 (3199173) | Privilege elevation / Microsoft Windows | Workstations, Terminal Servers, Servers | No/No | No | Important | Vista, Server 2008, Server 2008 R2, Windows 7, Server 2012, Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10, Server 2016 | Multiple vulnerabilities, requires restart | Update after testing |
| MS16-136 (3199641) | Privilege elevation / Microsoft SQL Server | SQL Servers | No/No | No | Important | SQL Server 2012, SQL Server 2014, SQL Server 2016 | Multiple vulnerabilities, requires restart | Update after testing |
| MS16-138 (3199647) | Privilege elevation / Microsoft Windows | Workstations, Terminal Servers, Servers | No/No | No | Important | Server 2012, Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10, Server 2016 | Multiple vulnerabilities, requires restart | Update after testing |
| MS16-139 (3199720) | Privilege elevation / Microsoft Windows | Workstations, Servers | No/No | No | Important | Vista, Server 2008, Server 2008 R2, Windows 7 | Requires restart | Update after testing |
| MS16-141 (3202790) | Arbitrary code / Adobe Flash Player | Workstations, Servers | No/No | Yes | Critical | Server 2012, Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10, Server 2016 | Multiple vulnerabilities, requires restart | Update immediately |
