Patch Analysis for April 2016

Welcome to this April Patch Tuesday Bulletin. This month brings 13 patches, 6 of these patches are critical and one is being exploited in the wild. Usually Internet Explorer is the top priority but this month take a look at MS16-039 first. This patch fixes a number of vulnerabilities that affect .NET, Office, Lync, and Skype. Two privilege escalation vulnerabilities (CVE-2016-0165, CVE-2016-0167) are being actively attacked so it is the number one priority. Follow up with our monthly Internet Explorer patch MS16-037 and Edge patch MS16-038 if Edge is used in the environment. MS16-040 fixes a critical arbitrary code execution vulnerability that could allow a client side attack if a user clicks a malicious link. MS16-042 fixes another arbitrary code execution vulnerability but this time in Microsoft Office. A client side attack would leverage this vulnerability as well but this time the user would have to open a malicious Office file. The final Critical Patch, MS16-050, remediates vulnerabilities with Adobe FLash Player and should be applied as soon as possible. MS16-041, MS16-044, and MS16-045 all remediate Important rated arbitrary code execution vulnerabilities. Pay close attention to MS16-045 if Hyper-V is used in the environment since a possible virtual machine escape to the host Hyper-V operating system could be possible if this vulnerability is exploited. MS16-047 and MS16-048 fix elevation of privilege vulnerabilities in Windows. MS16-049 is interesting since it fixes a denial service vulnerability with Windows 10. A malicious HTTP network packet could cause a denial of service condition that may lead to service disruption if Windows 10 is used heavily in the organization so prioritize this patch based upon your environment. Finally, apply MS16-048 to remediate a security feature bypass in Windows.

You may also be interested in our sponsor, Dell Defender, upcoming webinar on Multi-Factor Authentication: "Doing Multi-Factor Authentication Right the First Time: 8 Technical Requirements". There's usually a particular risk or application that pushes management to break down and finally implement multi-factor authentication (MFA). I often see organizations rush out and implement a point solution for applying MFA to a hot use case. Then what happens? You've only solved one problem. Invariably one or more of the following happens pretty soon:

  • When auditors, regulators hammer on another big risk area
  • You implement a new app that also requires MFA to achieve acceptable risk
  • An executive gets worked up about the latest exploit in the news and demands a wider adoption of MFA (that's a good thing)
  • A manager leaves who was standing in the way of MFA expansion to a vital business area or technology

There is a better way: In this webinar I'll drill down into these and show you a solution, featuring Dell Defender, that nails them cold. I'll help you understand the role that many important technologies play including RADIUS, PAM, AD, OATH, SAML, OpenID Connect and more. Don't miss out on this "real training for free" ™ event. Register now.

Correlate application security events with all the other enterprise events

If your SIEM isn't getting the security events from Microsoft's enterprise applications, it is missing an important part of the story. SQL Server, Exchange and SharePoint audit logs are too important to be missing from your SIEM or log management solution. Find out more about how to audit these applications, and learn how to get their security audit event data into your SIEM.

Browse to

Receive Randy's same-day, independent analysis each Patch Tuesday

We will not share your address. Unsubscribe anytime. 

"Thank you. I am very glad I subscribed to this newsletter.  Relevant content clearly and concisely. Finally!!!"

- John K.

"I really like the Fast Facts on this Month's Microsoft Security Bulletins. Do you keep old copies? If yes, please let me know how I can access them?"

-Susan D.

"Thanks, Randy. Your regular updates have streamlined my monthly patching. Much appreciated,"

-  Steve T.

"Really appreciate your patch observor. In the corporate IT world, anything we can get our hands on that speeds the process of analyzing threats and how they may or may not apply to our environments is a God-send. Thanks so much for your efforts."

- Tess G.

"Many thanks for this Randy"

- Roger G.

"The chart is a REAAALLY good idea :)"

- Phil J.

"I like the table. Your insight is very valuable. "

Tom C.

"I liked your high level overview of patches in the table. There are so many sources of patch information which can be very specific or surrounded by other stuff that it’s refreshing to get everything summarised like this. The “Randy’s Recommendation” comment is useful starting point too. Please keep up the good work."

- David A.

"Your Patch Observer is a very good tool in making the decision whether to patch or not to patch. And also to patch asap or to wait a while before patching. Also I do think the use of the table is realy improving the readability of the provided information."

- Gerard T.


Additional Resources