Patch Analysis for June 2016

Welcome to this June Patch Tuesday Bulletin. The good news is that there are no reported active attacks on any of the vulnerabilities patched this month. The bad news is that there are 16 patches remediating 5 critical severity remote code execution vulnerabilities and 11 important severity vulnerabilities of various impact.

Start the month with the Internet Explorer and Edge patches, MS16-063 and MS16-068 respectively. Follow up with MS16-071, which is a critical DNS Server patch. This bulletin could turn out to be particularly nasty, since the vulnerability could allow code execution from maliciously crafted DNS requests. A Microsoft Office vulnerability is fixed with MS16-070. This vulnerability could be leveraged with phishing and other client-side attacks. Finish the critical severity bulletins with MS16-069, which provides an update for JScript and VBScript.

There are 2 important severity code execution bulletins that should be addressed next: MS16-076, which updates Netlogon, and MS16-080, which updates Windows PDF and is another potential client-side attack. Then work through the 6 elevation of privilege vulnerabilities by applying the patches for MS16-072, MS16-073, MS16-074, MS16-075, MS16-077 and MS16-078. Finally, apply MS16-079, MS16-081 and MS16-082 to remediate 2 denial of service vulnerabilities and an information disclosure vulnerability.

Many of the vulnerabilities this month require user interaction to open a document, visit a URL, or run an application. Take this month to review how end users are monitored and how application and system monitoring can be leveraged to look for these malicious activities.

Correlate application security events with all the other enterprise events

If your SIEM isn't getting the security events from Microsoft's enterprise applications, it is missing an important part of the story. SQL Server, Exchange and SharePoint audit logs are too important to be missing from your SIEM or log management solution. Find out more about how to audit these applications, and learn how to get their security audit event data into your SIEM.

Browse to www.logbinder.com/Solutions

For years I have been sending this Patch Tuesday newsletter to all of you, and for the past few years I've been promoting SolarWinds Patch Manager as a solution to easily get these patches installed safely and securely in your environment. I know I've said it before but I'm going to say it again - what I love about Patch Manager from SolarWinds is that it's agentless. It uses WMI for inventory and WSUS for patching, which makes deployment an almost effortless task. Take this month for example. There are five critical patches, with two of these patches targeting vulnerabilities in IE and another in MS Office. These are applications that reside on almost every business Windows workstation in your environment. SolarWinds Patch Manager can help you remediate these vulnerabilities today. I know as well as you do that it's one thing to talk about how great a solution is, but it's another thing to see it in action. SolarWinds has been kind enough to host an interactive demo online. So you're not just limited to screenshots of the solution but you can see the product in action and work with it. Click here to log in with a guest account and see the solution for yourself. If, after working with the demo, you want to download a 30-day free trial and test it in your environment, please be sure to use the special link here that helps fund our research and real training that we provide free each and every month.

So, without further ado, here's the chart of MS patches for this month.

| Bulletin | Exploit Types / Technologies Affected | System Types Affected | Exploit details public? / Being exploited? | Comprehensive, practical workaround available? | MS severity rating | Products Affected | Notes | Randy's recommendation |
|---|---|---|---|---|---|---|---|---|
| MS16-079 (3160339) | Information disclosure / Microsoft Exchange | Exchange Servers | No/No | No | Important | Exchange 2007, Exchange 2010, Exchange 2013, Exchange 2016 | Multiple vulnerabilities, may require restart | Update after testing |
| MS16-081 (3160352) | Denial of service / Microsoft Windows | Servers | No/No | No | Important | Server 2008 R2, Server 2012, Server 2012 R2 | Requires restart | Update after testing |
| MS16-070 (3163610) | Arbitrary code / Microsoft Office | Workstations, Terminal Servers, SharePoint Servers | No/No | Yes | Critical | Office 2007, Office 2010, Office 2011 for Mac, SharePoint Server 2010, SharePoint Server 2013, Office 2013 RT, Office 2013, Office 2013 Web Apps, Office 2010 Web Apps, Office 2016 for Mac, Office 2016 | Multiple vulnerabilities, may require restart | Update immediately |
| MS16-072 (3163622) | Privilege elevation / Microsoft Windows | Workstations, Terminal Servers, Servers | No/No | No | Important | Vista, Server 2008, Server 2008 R2, Windows 7, Server 2012, Windows RT, Server 2012 R2, Windows 8.1, Windows 10 | Requires restart | Update after testing |
| MS16-069 (3163640) | Arbitrary code / Microsoft Windows | Workstations, Terminal Servers | No/No | Yes | Critical | Vista, Server 2008 | Multiple vulnerabilities, may require restart | Update immediately |
| MS16-063 (3163649) | Arbitrary code / Internet Explorer | Workstations, Terminal Servers | No/No | Yes | Critical | Internet Explorer 9, Internet Explorer 10, Internet Explorer 11 | Multiple vulnerabilities, requires restart | Update immediately |
| MS16-068 (3163656) | Arbitrary code / Microsoft Edge | Workstations, Terminal Servers | No/No | No | Critical | Microsoft Edge | Multiple vulnerabilities, requires restart | Update immediately |
| MS16-073 (3164028) | Privilege elevation / Microsoft Windows | Workstations, Terminal Servers, Servers | No/No | No | Important | Vista, Server 2008, Server 2008 R2, Windows 7, Server 2012, Windows RT, Server 2012 R2, Windows 8.1, Windows 10 | Multiple vulnerabilities, requires restart | Update after testing |
| MS16-074 (3164036) | Privilege elevation / Microsoft Windows | Workstations, Terminal Servers, DNS Servers | No/No | No | Important | Vista, Server 2008, Server 2008 R2, Windows 7, Server 2012, Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10 | Multiple vulnerabilities, requires restart | Update after testing |
| MS16-075 (3164038) | Privilege elevation / Microsoft Windows | Workstations, Terminal Servers, Servers | No/No | Yes | Important | Vista, Server 2008, Server 2008 R2, Windows 7, Server 2012, Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10 | Requires restart | Update after testing |
| MS16-071 (3164065) | Arbitrary code / Microsoft Windows | Servers | No/No | No | Critical | Server 2012, Server 2012 R2 | Requires restart | Update immediately |
| MS16-080 (3164302) | Arbitrary code / Microsoft Windows | Workstations, Terminal Servers, Servers | No/No | No | Important | Server 2012, Server 2012 R2, Windows 8.1, Windows 10 | Multiple vulnerabilities, requires restart | Update after testing |
| MS16-077 (3165191) | Privilege elevation / Microsoft Windows | Workstations, Terminal Servers, Servers | No/No | Yes | Important | Vista, Server 2008, Server 2008 R2, Windows 7, Server 2012, Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows 10 | Multiple vulnerabilities, requires restart | Update after testing |
| MS16-082 (3165270) | Denial of service / Microsoft Windows | Workstations, Terminal Servers, Servers | No/No | No | Important | Server 2008 R2, Windows 7, Server 2012, Server 2012 R2, Windows 8.1, Windows 10 | Requires restart | Update after testing |
| MS16-078 (3165479) | Privilege elevation / Microsoft Windows | Workstations | No/No | No | Important | Windows 10 | Requires restart | Update after testing |
| MS16-076 (3167691) | Arbitrary code / Microsoft Windows | Servers | No/No | No | Important | Server 2008, Server 2008 R2, Server 2012, Server 2012 R2 | Requires restart | Update after testing |


Additional Resources