
May 2016 Patch Tuesday Fixes Browser and Scripting Engine Flaws

  • Posted on: May 10, 2016 at 8:59 pm
  • Posted in: Exploits, Vulnerabilities
  • Author: Jonathan Leopando (Technical Communications)

The second Tuesday of the month has arrived, which means regularly scheduled patches from Microsoft and other vendors. This month’s release includes sixteen bulletins from Microsoft, as well as an update from Adobe for their PDF-related applications. A separate update for Flash Player will arrive later this week.

Of the sixteen Microsoft bulletins, eight are rated Critical. There is one bulletin each for Internet Explorer and Edge; these fix several issues in these browsers that could lead to remote code execution. The remaining six Critical bulletins cover a variety of Windows components as well as Microsoft Office.

The most critical vulnerability fixed is CVE-2016-0189, which is actually covered in two separate bulletins: MS16-051 (the cumulative Internet Explorer bulletin) and MS16-053 (covering both JavaScript and VBScript scripting engines). This particular flaw is a memory corruption vulnerability that could allow for remote code execution. Exploits have already been found in the wild; it is covered twice because in certain Windows versions the vulnerable scripting engine is also packaged separately from the browser.

The remaining eight bulletins are rated as Important and also cover a range of Microsoft products, from Windows IIS (the web server) to Windows Media Center.

As for Adobe, APSB16-14 contains fixes for their current PDF-related products: both the newest version (Acrobat DC/Acrobat Reader DC) and the previous version (Acrobat/Reader). A total of 97 separate vulnerabilities were fixed.

More worryingly, Adobe also released APSA16-02, which notified users that a vulnerability (CVE-2016-4117) is present in current versions of Flash Player and is being exploited in the wild. A fix is expected by May 12.

Users are strongly advised to apply all these patches as soon as possible.

Trend Micro solutions

Trend Micro Deep Security and Vulnerability Protection protect user systems from any threats that may leverage these Microsoft vulnerabilities via the following DPI rules:

  • 1007537-Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2016-0120)
  • 1007612-Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-0187)
  • 1007613-Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-0189)
  • 1007614-Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-0192)
  • 1007615-Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0191)
  • 1007616-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-0193)
  • 1007617-Microsoft Office Memory Corruption Vulnerability (CVE-2016-0126)
  • 1007618-Microsoft Office Memory Corruption Vulnerability (CVE-2016-0140)
  • 1007619-Microsoft Office Graphics RCE Vulnerability (CVE-2016-0183)
  • 1007620-Microsoft Windows Graphics Component Information Disclosure Vulnerability (CVE-2016-0168)
  • 1007621-Microsoft Windows Graphics Component Information Disclosure Vulnerability (CVE-2016-0169)
  • 1007622-Microsoft Windows Graphics Component RCE Vulnerability (CVE-2016-0170)
  • 1007623-Microsoft Windows Direct3D Use After Free Vulnerability (CVE-2016-0184)
  • 1007624-Microsoft Windows Media Center Remote Code Execution Vulnerability (CVE-2016-0185)

The following rules cover the vulnerabilities in Adobe products:

  • 1007629-Adobe Acrobat And Reader Integer Overflow Vulnerability (CVE-2016-1043)
  • 1007630-Adobe Acrobat And Reader Memory Corruption Vulnerability (CVE-2016-1063)
  • 1007631-Adobe Acrobat And Reader Use After Free Vulnerability (CVE-2016-1065)
  • 1007632-Adobe Acrobat And Reader Use After Free Vulnerability (CVE-2016-1070)
  • 1007633-Adobe Acrobat And Reader Memory Corruption Vulnerability (CVE-2016-1073)

TippingPoint customers have been protected from attacks exploiting these vulnerabilities with the following MainlineDV filters:

  • 23802: HTTP: Microsoft Internet Explorer and Edge insertRule Memory Corruption Vulnerability (ZDI-16-276)
  • 24031: HTTP: Microsoft Edge Proxy Memory Corruption Vulnerability (Pwn2Own ZDI-16-282)
  • 24034: HTTP: Microsoft Edge fill Memory Corruption Vulnerability (Pwn2Own ZDI-16-283)
  • 24366: HTTP: Microsoft Windows Media Center Code Execution Vulnerability (ZDI-16-277)
  • 24532: HTTP: Microsoft Excel Memory Corruption Vulnerability
  • 24533: HTTP: Microsoft Office RTF Memory Corruption Vulnerability
  • 24534: HTTP: Microsoft Internet Explorer JSON.stringify Use-After-Free Vulnerability
  • 24535: HTTP: Microsoft Internet Explorer ReDim Use-After-Free Vulnerability
  • 24536: HTTP: Microsoft Internet Explorer EMF Parsing Information Disclosure Vulnerability
  • 24537: HTTP: Microsoft Internet Explorer EMF Parsing Integer Overflow Vulnerability
  • 24540: HTTP: Microsoft Windows Configuration Manager Privilege Escalation Vulnerability
  • 24541: HTTP: Microsoft Windows RPC Memory Corruption Vulnerability
  • 24542: HTTP: Microsoft Windows win32k.sys Use-After-Free Vulnerability
  • 24543: HTTP: Microsoft Windows win32kfull.sys Use-After-Free Vulnerability (Pwn2Own ZDI-16-279)
  • 24544: HTTP: Microsoft Windows win32kfull.sys Use-After-Free Vulnerability
  • 24545: HTTP: Microsoft Edge getImageData Use-After-Free Vulnerability
  • 24547: HTTP: Microsoft Windows win32kfull.sys Use-After-Free Vulnerability (Pwn2Own ZDI-16-280)
  • 24548: HTTP: Microsoft Windows Information Disclosure Vulnerability (Pwn2Own ZDI-16-281)
  • 24549: HTTP: Microsoft Internet Explorer VerifyFile Information Disclosure Vulnerability (ZDI-16-275)
  • 24550: HTTP: Microsoft Windows Dxgkrnl.sys Buffer Overflow Vulnerability (Pwn2Own ZDI-16-284)

Update as of May 11, 2016, 7:25 AM (UTC-7)

Information on TippingPoint filters that can protect customers from these vulnerabilities has been added.

Update as of May 12, 2016, 5:00 PM (UTC-7)

Adobe has now released the promised update for Adobe Flash Player. Details can be found in their security bulletin APSB16-15. The newest version for most users is now 21.0.0.242.
