Patch Analysis for March 2016

Welcome to the March Patch Tuesday Bulletin. This month brings 13 patches: 5 are critical and 8 fix arbitrary code execution bugs. No patch this month fixes an actively attacked vulnerability.

Start with the usual lineup of Internet Explorer (MS16-023) and Edge (MS16-024). Then look at the remaining Critical patches and apply the following, since they will affect most organizations: MS16-026, MS16-027 and MS16-028. MS16-025 is an Important rated patch that remediates a vulnerability that could allow an attacker with local access to execute arbitrary code. MS16-029 fixes multiple vulnerabilities in most modern Microsoft Office distributions. MS16-030 fixes another client-side vulnerability in Windows that may allow arbitrary code to be executed if a user opens a malicious file or visits a malicious site. MS16-031, MS16-032, MS16-033 and MS16-034 are all Important rated patches that fix Elevation of Privilege vulnerabilities. Finally, MS16-035 remediates a Security Feature Bypass in the .NET Framework.

It is important to note that almost every vulnerability here requires end user or local activity to exploit. One of the most effective strategies to fight these client-side attacks is user awareness. A little security training can go a long way toward avoiding a compromised endpoint.


| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
|---|---|---|---|---|---|---|---|---|
| MS16-031 (3140410) | Privilege elevation / Microsoft Windows | Workstations, Terminal Servers | No/No | No | Important | Vista, Server 2008, Server 2008 R2, Windows 7 | Requires restart | Update after testing |
| MS16-025 (3140709) | Arbitrary code / Microsoft Windows | Workstations, Terminal Servers, Servers | No/No | No | Important | Vista, Server 2008 | Requires restart | Update after testing |
| MS16-035 (3141780) | Security feature bypass / Microsoft .NET Framework | Workstations, Terminal Servers, Servers | No/No | No | Important | Vista, Server 2008, Server 2008 R2, Windows 7, Server 2012, Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10 | May require restart | Update after testing |
| MS16-029 (3141806) | Arbitrary code / Microsoft Office | Workstations, Terminal Servers, SharePoint Servers | No/No | Yes | Important | Office 2007, Office 2010, Office 2011 for Mac, Office 2013 RT, Office 2013, Office 2013 Web Apps, Office 2010 Web Apps, SharePoint Designer 2010, SharePoint Designer 2013, Office 2016 for Mac, Office 2016 | Multiple vulnerabilities, may require restart | Update after testing |
| MS16-023 (3142015) | Arbitrary code / Internet Explorer | Workstations, Terminal Servers | No/No | No | Critical | Internet Explorer 9, Internet Explorer 10, Internet Explorer 11 | Multiple vulnerabilities, requires restart | Update immediately |
| MS16-024 (3142019) | Arbitrary code / Microsoft Edge | Terminal Servers | No/No | No | Critical | Microsoft Edge | Multiple vulnerabilities, requires restart | Update immediately |
| MS16-028 (3143081) | Arbitrary code / Microsoft Windows | Workstations, Terminal Servers, Servers | No/No | No | Critical | Server 2012, Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10 | Multiple vulnerabilities, may require restart | Update immediately |
| MS16-030 (3143136) | Arbitrary code / Microsoft Windows | Workstations, Terminal Servers | No/No | No | Important | Vista, Server 2008, Server 2008 R2, Windows 7, Server 2012, Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10 | Multiple vulnerabilities, requires restart | Update after testing |
| MS16-032 (3143141) | Privilege elevation / Microsoft Windows | Workstations, Terminal Servers, Servers | No/No | No | Important | Vista, Server 2008, Server 2008 R2, Windows 7, Server 2012, Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10 | Requires restart | Update after testing |
| MS16-033 (3143142) | Privilege elevation / Microsoft Windows | Workstations, Terminal Servers, Servers | No/No | No | Important | Vista, Server 2008, Server 2008 R2, Windows 7, Server 2012, Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10 | May require restart | Update after testing |
| MS16-034 (3143145) | Privilege elevation / Microsoft Windows | Workstations, Terminal Servers | No/No | No | Important | Vista, Server 2008, Server 2008 R2, Windows 7, Server 2012, Server 2012 R2, Windows 8.1, Windows 10 | Multiple vulnerabilities, requires restart | Update after testing |
| MS16-027 (3143146) | Arbitrary code / Microsoft Windows | Workstations, Terminal Servers | No/No | No | Critical | Server 2008 R2, Windows 7, Server 2012, Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10 | Multiple vulnerabilities, may require restart | Update immediately |
| MS16-026 (3143148) | Arbitrary code / Microsoft Windows | Workstations, Terminal Servers | No/No | Yes | Critical | Server 2008, Server 2008 R2, Windows 7, Server 2012, Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10 | Multiple vulnerabilities, requires restart | Update immediately |
