
The second Tuesday of the month has arrived, and with it the regularly scheduled patches from Microsoft and other vendors. This month’s release includes sixteen bulletins from Microsoft, as well as an update from Adobe for their PDF-related applications. A separate update for Flash Player will arrive later this week.
Of the sixteen Microsoft bulletins, eight are rated Critical. There is one bulletin each for Internet Explorer and Edge; each fixes several issues in its browser that could lead to remote code execution. The remaining six Critical bulletins cover a variety of Windows components as well as Microsoft Office.
The most critical vulnerability fixed is CVE-2016-0189, which is actually covered in two separate bulletins: MS16-051 (the cumulative Internet Explorer bulletin) and MS16-053 (covering both JavaScript and VBScript scripting engines). This particular flaw is a memory corruption vulnerability that could allow for remote code execution. Exploits have already been found in the wild; it is covered twice because in certain Windows versions the vulnerable scripting engine is also packaged separately from the browser.
The remaining eight bulletins are rated as Important and also cover a range of Microsoft products, from Windows IIS (the web server) to Windows Media Center.
As for Adobe, APSB16-14 contains fixes for their current PDF-related products – both the newest version (Acrobat DC/Acrobat Reader DC) and the previous version (Acrobat/Reader). A total of 97 separate vulnerabilities were fixed.
More worryingly, they also released APSA16-02, which notified users that a vulnerability (CVE-2016-4117) is present in current versions of Flash Player and is being exploited in the wild. A fix is expected by May 12.
Users are strongly advised to apply all these patches as soon as possible.
Trend Micro solutions
Trend Micro Deep Security and Vulnerability Protection protect user systems from any threats that may leverage these Microsoft vulnerabilities via the following DPI rules:
- 1007537-Microsoft Windows OpenType Font Parsing Vulnerability (CVE-2016-0120)
- 1007612-Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-0187)
- 1007613-Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-0189)
- 1007614-Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-0192)
- 1007615-Microsoft Edge Memory Corruption Vulnerability (CVE-2016-0191)
- 1007616-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-0193)
- 1007617-Microsoft Office Memory Corruption Vulnerability (CVE-2016-0126)
- 1007618-Microsoft Office Memory Corruption Vulnerability (CVE-2016-0140)
- 1007619-Microsoft Office Graphics RCE Vulnerability (CVE-2016-0183)
- 1007620-Microsoft Windows Graphics Component Information Disclosure Vulnerability (CVE-2016-0168)
- 1007621-Microsoft Windows Graphics Component Information Disclosure Vulnerability (CVE-2016-0169)
- 1007622-Microsoft Windows Graphics Component RCE Vulnerability (CVE-2016-0170)
- 1007623-Microsoft Windows Direct3D Use After Free Vulnerability (CVE-2016-0184)
- 1007624-Microsoft Windows Media Center Remote Code Execution Vulnerability (CVE-2016-0185)
The following rules cover the vulnerabilities in Adobe products:
- 1007629-Adobe Acrobat And Reader Integer Overflow Vulnerability (CVE-2016-1043)
- 1007630-Adobe Acrobat And Reader Memory Corruption Vulnerability (CVE-2016-1063)
- 1007631-Adobe Acrobat And Reader Use After Free Vulnerability (CVE-2016-1065)
- 1007632-Adobe Acrobat And Reader Use After Free Vulnerability (CVE-2016-1070)
- 1007633-Adobe Acrobat And Reader Memory Corruption Vulnerability (CVE-2016-1073)
TippingPoint customers are protected from attacks exploiting these vulnerabilities with the following MainlineDV filters:
- 23802: HTTP: Microsoft Internet Explorer and Edge insertRule Memory Corruption Vulnerability (ZDI-16-276)
- 24031: HTTP: Microsoft Edge Proxy Memory Corruption Vulnerability (Pwn2Own ZDI-16-282)
- 24034: HTTP: Microsoft Edge fill Memory Corruption Vulnerability (Pwn2Own ZDI-16-283)
- 24366: HTTP: Microsoft Windows Media Center Code Execution Vulnerability (ZDI-16-277)
- 24532: HTTP: Microsoft Excel Memory Corruption Vulnerability
- 24533: HTTP: Microsoft Office RTF Memory Corruption Vulnerability
- 24534: HTTP: Microsoft Internet Explorer JSON.stringify Use-After-Free Vulnerability
- 24535: HTTP: Microsoft Internet Explorer ReDim Use-After-Free Vulnerability
- 24536: HTTP: Microsoft Internet Explorer EMF Parsing Information Disclosure Vulnerability
- 24537: HTTP: Microsoft Internet Explorer EMF Parsing Integer Overflow Vulnerability
- 24540: HTTP: Microsoft Windows Configuration Manager Privilege Escalation Vulnerability
- 24541: HTTP: Microsoft Windows RPC Memory Corruption Vulnerability
- 24542: HTTP: Microsoft Windows win32k.sys Use-After-Free Vulnerability
- 24543: HTTP: Microsoft Windows win32kfull.sys Use-After-Free Vulnerability (Pwn2Own ZDI-16-279)
- 24544: HTTP: Microsoft Windows win32kfull.sys Use-After-Free Vulnerability
- 24545: HTTP: Microsoft Edge getImageData Use-After-Free Vulnerability
- 24547: HTTP: Microsoft Windows win32kfull.sys Use-After-Free Vulnerability (Pwn2Own ZDI-16-280)
- 24548: HTTP: Microsoft Windows Information Disclosure Vulnerability (Pwn2Own ZDI-16-281)
- 24549: HTTP: Microsoft Internet Explorer VerifyFile Information Disclosure Vulnerability (ZDI-16-275)
- 24550: HTTP: Microsoft Windows Dxgkrnl.sys Buffer Overflow Vulnerability (Pwn2Own ZDI-16-284)
Update as of May 11, 2016, 7:25 AM (UTC-7)
Information on TippingPoint filters that can protect customers from these vulnerabilities has been added.
Update as of May 12, 2016, 5:00 PM (UTC-7)
Adobe has now released the promised update for Adobe Flash Player. Details can be found in their security bulletin APSB16-15. The newest version for most users is now 21.0.0.242.