For the last Patch Tuesday of 2016, Microsoft adds 12 bulletins split evenly into six rated Critical and six rated Important. Among the critical updates was MS16-148, which patches several vulnerabilities in Microsoft Office. If exploited, the most severe of these vulnerabilities could allow attackers to run arbitrary code in the guise of the user.
Other critical updates include the regular cumulative patches for Internet Explorer (MS16-144) and Microsoft Edge (MS16-145). These web browser vulnerabilities could be exploited to give an attacker the same user rights as the compromised user, which has more severe effects for those holding administrative privileges.
Adobe also released their patches, including a fix for a critical Adobe Flash vulnerability that is reportedly being used in targeted attacks against users running Internet Explorer (32-bit) on Windows. Adobe released APSB16-39 with the latest Flash Player 24.0.0.186, while Microsoft also addressed the issue with MS16-154.
Trend Micro researchers assisted with defense-in-depth for MS16-146.
CVE-2016-7272 (MS16-146) was disclosed via Trend Micro’s Zero Day initiative (ZDI).
Trend Micro Solutions
Trend Micro Deep Security and Vulnerability Protection protect user systems from any threats that may target these Microsoft vulnerabilities via the following DPI rules:
- 1008043-Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2016-3393)
- 1008048-NTP Mrulist Malicious Query Denial Of Service Vulnerability (CVE-2016-7434)
- 1008054-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-7202)
- 1008055-Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2016-7278)
- 1008056-Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-7279)
- 1008057-Microsoft Internet Explorer And Edge Security Feature Bypass Vulnerability (CVE-2016-7282)
- 1008058-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-7283)
- 1008059-Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2016-7284)
- 1008060-Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7287)
- 1008061-Microsoft Edge Information Disclosure Vulnerability (CVE-2016-7206)
- 1008062-Microsoft Edge Information Disclosure Vulnerability (CVE-2016-7280)
- 1008063-Microsoft Edge Memory Corruption Vulnerability (CVE-2016-7286)
- 1008064-Microsoft Edge Memory Corruption Vulnerability (CVE-2016-7288)
- 1008065-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7296)
- 1008066-Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7297)
- 1008067-Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2016-7274)
- 1008068-Microsoft Windows Graphics Remote Code Execution Vulnerability (CVE-2016-7272)
- 1008069-Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2016-7257)
- 1008070-Microsoft Office Information Disclosure Vulnerability (CVE-2016-7268)
- 1008071-Microsoft Office Security Feature Bypass Vulnerability (CVE-2016-7267)
- 1008072-Microsoft Office Security Feature Bypass Vulnerability (CVE-2016-7266)
- 1008073-Microsoft Office Security Feature Bypass Vulnerability (CVE-2016-7262)
- 1008074-Microsoft Office Information Disclosure Vulnerability (CVE-2016-7265)
- 1008075-Microsoft Office Information Disclosure Vulnerability (CVE-2016-7264)
- 1008076-Microsoft Office Information Disclosure Vulnerability (CVE-2016-7276)
- 1008077-Microsoft Office Memory Corruption Vulnerability (CVE-2016-7277)
- 1008078-Microsoft Office Memory Corruption Vulnerability (CVE-2016-7289)
- 1008079-Microsoft Win32k Elevation Of Privilege Vulnerability (CVE-2016-7259)
- 1008080-Microsoft Win32k Elevation Of Privilege Vulnerability (CVE-2016-7260)
- 1008081-Microsoft Windows Common Log File System Driver Information Disclosure Vulnerability (CVE-2016-7295)
- 1008083-Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3384)
- 1008084-Microsoft Office OLE DLL Loading Vulnerability Over WebDAV (CVE-2016-7275)
TippingPoint customers are protected from attacks exploiting these vulnerabilities with the following MainlineDV filters:
- 24976: HTTP: Microsoft Internet Explorer BDI Out-of-Bounds Access Vulnerability
- 26081: HTTP: Microsoft Internet Explorer and Edge defineProperty Type Confusion Vulnerability
- 26091: HTTP: Microsoft Edge ArrayBuffer Use-After-Free Vulnerability
- 26093: HTTP: Microsoft Windows OpenType Font Memory Corruption Vulnerability
- 26097: HTTP: Microsoft Edge spread Memory Corruption Vulnerability
- 26099: HTTP: Microsoft Excel Memory Corruption Vulnerability
- 26100: HTTP: Microsoft Internet Explorer ICO Parsing Integer Overflow Vulnerability
- 26101: HTTP: Microsoft Windows GDI32.dll Buffer Overflow Vulnerability
- 26103: HTTP: Microsoft Edge concat Type Confusion Vulnerability
- 26105: HTTP: Microsoft Office and Internet Explorer Hlink Memory Corruption Vulnerability
- 26106: HTTP: Microsoft Edge CSS Information Disclosure Vulnerability
- 26108: HTTP: Microsoft Internet Explorer and Edge Document Title Buffer Overflow Vulnerability
- 26109: HTTP: Microsoft Edge SIMD Memory Corruption Vulnerability
- 26116: HTTP: Microsoft Internet Explorer and Edge History Information Disclosure Vulnerability
- 26118: HTTP: Microsoft Internet Explorer textContent Memory Corruption Vulnerability
- 26119: HTTP: Microsoft Edge Cross-Site Scripting Vulnerability
- 26120: HTTP: Microsoft Excel ddeService Command Execution Vulnerability
- 26175: HTTP: Microsoft PowerPoint FontEmbedDataBlob Out-of-Bounds Read Vulnerability
- 26176: HTTP: Microsoft Excel CrtMlFrt Out-of-Bounds Read Vulnerability
- 26177: HTTP: Microsoft Excel BrtRangeProtection Information Disclosure Vulnerability
- 26179: HTTP: Microsoft Office WMF Memory Corruption Vulnerability
- 26180: HTTP: Microsoft Excel Executable Object Security Bypass Vulnerability
- 26181: HTTP: Microsoft Office XLW Security Bypass Vulnerability
- 26182: HTTP: Microsoft Office .doc Information Disclosure Vulnerability
- 26183: HTTP: Microsoft Publisher MSVCR90 Out-of-Bounds Read Vulnerability
- 26186: HTTP: mstr2tsc.dll File Download
Updated on December 20, 2016 7:15 PM (UTC-7)
Trend Micro Deep Security addressed the critical Adobe Flash vulnerabilities covered in APSB16-39 with the following DPI rule:
- 1008090-Adobe Flash Player Multiple Security Vulnerabilities (APSB16-39)
TippingPoint customers are protected from the Adobe Flash vulnerabilities covered in APSB16-39 with the following MainlineDV filters:
25810: HTTP: Adobe Flash NetConnection Use-After-Free Vulnerability (ZDI-16-619)
26190: HTTP: Adobe Flash RegExp *MARK Memory Corruption Vulnerability (ZDI-16-622)
26192: HTTP: Adobe Flash RegExp *THEN Memory Corruption Vulnerability (ZDI-16-625)
26193: HTTP: Adobe Flash RegExp *PRUNE Memory Corruption Vulnerability (ZDI-16-624)
26195: HTTP: Adobe Flash RegExp *SKIP Memory Corruption Vulnerability (ZDI-16-623)
26196: HTTP: Adobe Flash Action Message Format Use-After-Free Vulnerability
26202: HTTP: Adobe Flash Primetime SDK Memory Corruption Vulnerability
26203: HTTP: Adobe Flash NetConnection proxyType Memory Corruption Vulnerability
26205: HTTP: Adobe Flash BitmapData.applyFilter Integer Overflow Vulnerability (ZDI-16-621)
26264: HTTP: Adobe Flash onSetFocus Use-After-Free Vulnerability
