Patch Analysis for May 2016

Welcome to this May Patch Tuesday Bulletin. This month brings 16 patches, including 8 critical patches and 2 that remediate actively attacked vulnerabilities. Start with the patches for Internet Explorer (MS16-051) and VBScript (MS16-053). These fix actively attacked vulnerabilities and should be the top priority this month.

Review MS16-064, which applies fixes for Adobe Flash Player. MS16-064 references Adobe bulletin APSB16-15, which at this time is not available. Looking at the Adobe security bulletins and advisories site, there seems to be a new security advisory for Flash Player that outlines an actively attacked critical vulnerability in Flash Player that is not covered by MS16-064. Monitor the Microsoft bulletin for MS16-064 and the Adobe security bulletins and advisories for updates; hopefully a patch to fix this critical Flash Player vulnerability will be available soon.

Follow up with the remaining critical patches: MS16-052, MS16-054, MS16-055, MS16-056 and MS16-057. There are 2 Important-rated patches (MS16-058 and MS16-059) for IIS on Windows 10 and Windows Media Center. There are 3 Important-severity patches (MS16-060, MS16-061 and MS16-062) that apply fixes for core Windows processes, including the kernel and RPC. Finally, apply the 3 remaining Important-severity patches: MS16-065, MS16-066 and MS16-067.

Did you remove QuickTime from your environment yet? A few weeks ago in my blog we took a deep dive into how to block QuickTime from running using AppLocker. More importantly, we published a video showing you how to find all the PCs in your environment with QuickTime and then how to eliminate the risk completely from your network. You can read about it here.

You can also easily patch the servers, desktops and laptops in your Windows environment with SolarWinds Patch Manager. You can download a fully functional free 30-day trial here. One of the things I love about SolarWinds Patch Manager is that it will help you manage your Windows and also 3rd party application patches all without needing an agent on every machine.

So, without further ado, here’s the chart of MS patches for this month.

| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
|---|---|---|---|---|---|---|---|---|
| MS16-058 (3141083) | Arbitrary code / Microsoft Windows IIS | IIS Servers | No/No | No | Important | Vista, Server 2008 | Requires restart | Update after testing |
| MS16-059 (3150220) | Arbitrary code / Windows Media Center | Workstations, Terminal Servers | No/No | Yes | Important | Vista, Windows 7, Windows 8.1 | May require restart | Update after testing |
| MS16-060 (3154846) | Privilege elevation / Microsoft Windows | Workstations, Terminal Servers, Servers | No/No | No | Important | Vista, Server 2008 R2, Windows 7, Windows RT, Server 2012 R2, Windows 8.1, Windows 10 | Requires restart | Update after testing |
| MS16-066 (3155451) | Security feature bypass / Microsoft Windows | Workstations | No/No | No | Important | Windows 10 | Requires restart | Update after testing |
| MS16-061 (3155520) | Privilege elevation / Microsoft RPC | Workstations, Terminal Servers, Servers | No/No | No | Important | Vista, Server 2008 R2, Windows 7, Server 2012, Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10 | Requires restart | Update after testing |
| MS16-051 (3155533) | Arbitrary code / Internet Explorer | Workstations, Terminal Servers | No/Yes | Yes | Critical | Internet Explorer 9, Internet Explorer 10, Internet Explorer 11 | Multiple vulnerabilities, requires restart | Update immediately |
| MS16-052 (3155538) | Arbitrary code / Microsoft Edge | Workstations, Terminal Servers | No/No | No | Critical | Edge | Multiple vulnerabilities, requires restart | Update immediately |
| MS16-054 (3155544) | Arbitrary code / Microsoft Office | Workstations, Terminal Servers, SharePoint Servers | No/No | Yes | Critical | Office 2007, Office 2010, Office 2011 for Mac, Office 2013 RT, Office 2013, Office 2010 Web Apps, SharePoint Designer 2010, Office 2016 for Mac, Office 2016 | Multiple vulnerabilities, may require restart | Update immediately |
| MS16-067 (3155784) | Information disclosure / Microsoft Windows | Workstations, Servers | No/No | No | Important | Server 2012, Server 2012 R2, Windows 8.1, Windows RT 8.1 | May require restart | Update after testing |
| MS16-055 (3156754) | Arbitrary code / Microsoft Windows | Workstations, Terminal Servers, Servers | No/No | Yes | Critical | Vista, Server 2008, Server 2008 R2, Windows 7, Server 2012, Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10 | Multiple vulnerabilities, requires restart | Update immediately |
| MS16-065 (3156757) | Information disclosure / Microsoft .NET Framework | Workstations, Terminal Servers, Servers | No/No | No | Important | Vista, Server 2008, Server 2008 R2, Windows 7, Server 2012, Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10 | May require restart | Update after testing |
| MS16-056 (3156761) | Arbitrary code / Microsoft Windows | Workstations, Terminal Servers | No/No | Yes | Critical | Vista, Windows 7, Windows 8.1, Windows RT 8.1, Windows 10 | May require restart | Update immediately |
| MS16-053 (3156764) | Arbitrary code / Microsoft Windows | Workstations, Terminal Servers, Servers | No/Yes | Yes | Critical | Vista, Server 2008 | Multiple vulnerabilities, may require restart | Update immediately |
| MS16-057 (3156987) | Arbitrary code / Microsoft Windows | Workstations, Terminal Servers, Servers | No/No | No | Critical | Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10 | Requires restart | Update immediately |
| MS16-064 (3157993) | Arbitrary code / Adobe Flash Player | Workstations, Terminal Servers | No/No | Yes | Critical | Server 2012, Server 2012 R2 | Multiple vulnerabilities, may require restart | Update immediately |
| MS16-062 (3158222) | Privilege elevation / Microsoft Windows | Workstations, Terminal Servers, Servers | No/No | No | Important | Vista, Server 2008, Server 2008 R2, Windows 7, Server 2012, Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10 | Multiple vulnerabilities, requires restart | Update after testing |
