
Patch Tuesday of December 2016: Microsoft Releases 12 Bulletins, Six Critical

  • Posted on: December 14, 2016 at 1:01 am
  • Posted in: Vulnerabilities
  • Author: Giannina Escueta (Technical Communications)

For the last Patch Tuesday of 2016, Microsoft released 12 bulletins, split evenly between six rated Critical and six rated Important. Among the Critical updates is MS16-148, which patches several vulnerabilities in Microsoft Office. If exploited, the most severe of these could allow an attacker to run arbitrary code in the context of the current user.

Other Critical updates include the regular cumulative patches for Internet Explorer (MS16-144) and Microsoft Edge (MS16-145). Exploiting these web browser vulnerabilities could give an attacker the same user rights as the compromised user, so the impact is more severe when that user holds administrative privileges.

Adobe also released their patches, including a fix for a critical Adobe Flash vulnerability that is reportedly being used in targeted attacks against users running Internet Explorer (32-bit) on Windows. Adobe released APSB16-39 with the latest Flash Player 24.0.0.186, while Microsoft also addressed the issue with MS16-154.

Trend Micro researchers assisted with defense-in-depth for MS16-146.

CVE-2016-7272 (MS16-146) was disclosed via Trend Micro’s Zero Day Initiative (ZDI).

Trend Micro Solutions

Trend Micro Deep Security and Vulnerability Protection protect user systems from any threats that may target these Microsoft vulnerabilities via the following DPI rules:

  • 1008043-Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2016-3393)
  • 1008048-NTP Mrulist Malicious Query Denial Of Service Vulnerability (CVE-2016-7434)
  • 1008054-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-7202)
  • 1008055-Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2016-7278)
  • 1008056-Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-7279)
  • 1008057-Microsoft Internet Explorer And Edge Security Feature Bypass Vulnerability (CVE-2016-7282)
  • 1008058-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-7283)
  • 1008059-Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2016-7284)
  • 1008060-Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7287)
  • 1008061-Microsoft Edge Information Disclosure Vulnerability (CVE-2016-7206)
  • 1008062-Microsoft Edge Information Disclosure Vulnerability (CVE-2016-7280)
  • 1008063-Microsoft Edge Memory Corruption Vulnerability (CVE-2016-7286)
  • 1008064-Microsoft Edge Memory Corruption Vulnerability (CVE-2016-7288)
  • 1008065-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7296)
  • 1008066-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7297)
  • 1008067-Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2016-7274)
  • 1008068-Microsoft Windows Graphics Remote Code Execution Vulnerability (CVE-2016-7272)
  • 1008069-Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2016-7257)
  • 1008070-Microsoft Office Information Disclosure Vulnerability (CVE-2016-7268)
  • 1008071-Microsoft Office Security Feature Bypass Vulnerability (CVE-2016-7267)
  • 1008072-Microsoft Office Security Feature Bypass Vulnerability (CVE-2016-7266)
  • 1008073-Microsoft Office Security Feature Bypass Vulnerability (CVE-2016-7262)
  • 1008074-Microsoft Office Information Disclosure Vulnerability (CVE-2016-7265)
  • 1008075-Microsoft Office Information Disclosure Vulnerability (CVE-2016-7264)
  • 1008076-Microsoft Office Information Disclosure Vulnerability (CVE-2016-7276)
  • 1008077-Microsoft Office Memory Corruption Vulnerability (CVE-2016-7277)
  • 1008078-Microsoft Office Memory Corruption Vulnerability (CVE-2016-7289)
  • 1008079-Microsoft Win32k Elevation Of Privilege Vulnerability (CVE-2016-7259)
  • 1008080-Microsoft Win32k Elevation Of Privilege Vulnerability (CVE-2016-7260)
  • 1008081-Microsoft Windows Common Log File System Driver Information Disclosure Vulnerability (CVE-2016-7295)
  • 1008083-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3384)
  • 1008084-Microsoft Office OLE DLL Loading Vulnerability Over WebDAV (CVE-2016-7275)

TippingPoint customers are protected from attacks exploiting these vulnerabilities with the following MainlineDV filters:

  • 24976: HTTP: Microsoft Internet Explorer BDI Out-of-Bounds Access Vulnerability
  • 26081: HTTP: Microsoft Internet Explorer and Edge defineProperty Type Confusion Vulnerability
  • 26091: HTTP: Microsoft Edge ArrayBuffer Use-After-Free Vulnerability
  • 26093: HTTP: Microsoft Windows OpenType Font Memory Corruption Vulnerability
  • 26097: HTTP: Microsoft Edge spread Memory Corruption Vulnerability
  • 26099: HTTP: Microsoft Excel Memory Corruption Vulnerability
  • 26100: HTTP: Microsoft Internet Explorer ICO Parsing Integer Overflow Vulnerability
  • 26101: HTTP: Microsoft Windows GDI32.dll Buffer Overflow Vulnerability
  • 26103: HTTP: Microsoft Edge concat Type Confusion Vulnerability
  • 26105: HTTP: Microsoft Office and Internet Explorer Hlink Memory Corruption Vulnerability
  • 26106: HTTP: Microsoft Edge CSS Information Disclosure Vulnerability
  • 26108: HTTP: Microsoft Internet Explorer and Edge Document Title Buffer Overflow Vulnerability
  • 26109: HTTP: Microsoft Edge SIMD Memory Corruption Vulnerability
  • 26116: HTTP: Microsoft Internet Explorer and Edge History Information Disclosure Vulnerability
  • 26118: HTTP: Microsoft Internet Explorer textContent Memory Corruption Vulnerability
  • 26119: HTTP: Microsoft Edge Cross-Site Scripting Vulnerability
  • 26120: HTTP: Microsoft Excel ddeService Command Execution Vulnerability
  • 26175: HTTP: Microsoft PowerPoint FontEmbedDataBlob Out-of-Bounds Read Vulnerability
  • 26176: HTTP: Microsoft Excel CrtMlFrt Out-of-Bounds Read Vulnerability
  • 26177: HTTP: Microsoft Excel BrtRangeProtection Information Disclosure Vulnerability
  • 26179: HTTP: Microsoft Office WMF Memory Corruption Vulnerability
  • 26180: HTTP: Microsoft Excel Executable Object Security Bypass Vulnerability
  • 26181: HTTP: Microsoft Office XLW Security Bypass Vulnerability
  • 26182: HTTP: Microsoft Office .doc Information Disclosure Vulnerability
  • 26183: HTTP: Microsoft Publisher MSVCR90 Out-of-Bounds Read Vulnerability
  • 26186: HTTP: mstr2tsc.dll File Download

Updated on December 20, 2016 7:15 PM (UTC-7)

Trend Micro Deep Security addressed the critical Adobe Flash vulnerabilities covered in APSB16-39 with the following DPI rule:

  • 1008090-Adobe Flash Player Multiple Security Vulnerabilities (APSB16-39)

TippingPoint customers are protected from the Adobe Flash vulnerabilities covered in APSB16-39 with the following MainlineDV filters:

  • 25810: HTTP: Adobe Flash NetConnection Use-After-Free Vulnerability (ZDI-16-619)
  • 26190: HTTP: Adobe Flash RegExp *MARK Memory Corruption Vulnerability (ZDI-16-622)
  • 26192: HTTP: Adobe Flash RegExp *THEN Memory Corruption Vulnerability (ZDI-16-625)
  • 26193: HTTP: Adobe Flash RegExp *PRUNE Memory Corruption Vulnerability (ZDI-16-624)
  • 26195: HTTP: Adobe Flash RegExp *SKIP Memory Corruption Vulnerability (ZDI-16-623)
  • 26196: HTTP: Adobe Flash Action Message Format Use-After-Free Vulnerability
  • 26202: HTTP: Adobe Flash Primetime SDK Memory Corruption Vulnerability
  • 26203: HTTP: Adobe Flash NetConnection proxyType Memory Corruption Vulnerability
  • 26205: HTTP: Adobe Flash BitmapData.applyFilter Integer Overflow Vulnerability (ZDI-16-621)
  • 26264: HTTP: Adobe Flash onSetFocus Use-After-Free Vulnerability
