This week marked the final Microsoft “Patch Tuesday” of 2016. Microsoft had a record-breaking year with 155 bulletins covering more than 500 CVEs. This week’s TippingPoint Digital Vaccine (DV) package includes coverage for the Microsoft Security Bulletins released on or before December 13, 2016. This month’s Patch Tuesday covered 48 CVEs with 12 update bulletins – six of them rated critical. The following table maps Digital Vaccine filters to the Microsoft Security Bulletins. Filters designated with an asterisk (*) shipped prior to this week’s package, providing zero-day protection for our customers. You can get more detailed information on this month’s Microsoft Security Bulletins from Dustin Childs’ December 2016 Security Update Review:
| Bulletin # | CVE # | Digital Vaccine Filter # | Status |
| MS16-132 | CVE-2016-7256 | 26093 | |
| MS16-144 | CVE-2016-7202 | *25443 | |
| MS16-144 | CVE-2016-7278 | 26105 | |
| MS16-144 | CVE-2016-7279 | 26108 | |
| MS16-145 | CVE-2016-7279 | 26108 | |
| MS16-144 | CVE-2016-7281 | Insufficient information | |
| MS16-145 | CVE-2016-7281 | Insufficient information | |
| MS16-144 | CVE-2016-7282 | 26116 | |
| MS16-145 | CVE-2016-7282 | 26116 | |
| MS16-144 | CVE-2016-7283 | 24976 | |
| MS16-144 | CVE-2016-7284 | 26118 | |
| MS16-144 | CVE-2016-7287 | 26081 | |
| MS16-145 | CVE-2016-7287 | 26081 | |
| MS16-145 | CVE-2016-7181 | Insufficient information | |
| MS16-145 | CVE-2016-7206 | 26106 | |
| MS16-145 | CVE-2016-7280 | 26119 | |
| MS16-145 | CVE-2016-7286 | 26109 | |
| MS16-145 | CVE-2016-7288 | 26091 | |
| MS16-145 | CVE-2016-7296 | 26097 | |
| MS16-145 | CVE-2016-7297 | 26103 | |
| MS16-146 | CVE-2016-7257 | 26179 | |
| MS16-148 | CVE-2016-7257 | 26179 | |
| MS16-146 | CVE-2016-7272 | 26100 | |
| MS16-146 | CVE-2016-7273 | Insufficient information | |
| MS16-147 | CVE-2016-7274 | 26101 | |
| MS16-148 | CVE-2016-7262 | 26120 | |
| MS16-148 | CVE-2016-7263 | Insufficient information | |
| MS16-148 | CVE-2016-7264 | 26176 | |
| MS16-148 | CVE-2016-7265 | 26177 | |
| MS16-148 | CVE-2016-7266 | 26180 | |
| MS16-148 | CVE-2016-7267 | 26181 | |
| MS16-148 | CVE-2016-7268 | 26182 | |
| MS16-148 | CVE-2016-7275 | 26186 | |
| MS16-148 | CVE-2016-7276 | 26175 | |
| MS16-148 | CVE-2016-7277 | 26099 | |
| MS16-148 | CVE-2016-7289 | 26183 | |
| MS16-148 | CVE-2016-7290 | Insufficient information | |
| MS16-148 | CVE-2016-7291 | Insufficient information | |
| MS16-148 | CVE-2016-7298 | Insufficient information | |
| MS16-148 | CVE-2016-7300 | Insufficient information | |
| MS16-149 | CVE-2016-7219 | 26113 | |
| MS16-149 | CVE-2016-7292 | 26117 | |
| MS16-150 | CVE-2016-7271 | Insufficient information | |
| MS16-151 | CVE-2016-7259 | Insufficient information | |
| MS16-151 | CVE-2016-7260 | 26115 | |
| MS16-152 | CVE-2016-7258 | Insufficient information | |
| MS16-153 | CVE-2016-7295 | 26102 | |
| MS16-155 | CVE-2016-7270 | Insufficient information |
Zero-Day Filters
We did not have any new zero-day filters in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website.
Updated Existing Zero-Day Filters
This section highlights specific filter(s) of interest in this week’s Digital Vaccine package that have been updated as a result of a vendor either issuing a patch for a vulnerability found via the Zero Day Initiative or a vulnerability that has been published by the Zero Day Initiative in accordance with its Disclosure Policy.
This week’s updated zero-day filters focus on vulnerabilities in Adobe Flash. The updated filters reflect the fact that the vulnerabilities have been published because Adobe has issued patches for them. TippingPoint customers have been protected since November 1, 2016.
|
|
Missed Last Week’s News?
Catch up on last week’s news in my weekly recap.
