Microsoft Patch Tuesday Summary for April 2016
Among today's Patches, here is my personal "patch ranking" by order of urgency:
- MS16-050: This is essentially Friday's out of band Adobe Flash patch. Adobe stated that it is already used to spread ransom ware. So don't wait on this one.
- MS16-039: Exploits are available for two of the vulnerabilities, and it is "no user interaction arbitrary code execution". This is the second one you should patch fast.
- MS16-037/38: This time, the Internet Explorer patch only fixes 6 vulnerabilities. But still, due to the large attack surface, browser vulnerabilities always need to be taken seriously.
- MS16-042: Code execution without user interaction in MSFT office will always find someone to write an exploit.
- MS16-040: Another large attack surface (XML Core Services) vulnerability. Exploitability is only rated as "2" however.
- MS16-041: This one is a bit tricky to pin down, but I rate it right after the XML Core Services due to the large attack surface (and a bit lower as it requires user interaction)
- MS16-044: Wasn't sure if I should rate this above '41' or not. I rated it lower in the end as it does require user interaction.
- MS16-045: Only affects HyperV and the attacker needs to already have some access
No strong preferences on the rest. Did anybody else notice that MS14-043 is missing?
Full patch summary: https://isc.sans.edu/mspatchdays.html?viewday=2016-04-12
If you don't like the layout, here is the API to make your own: https://isc.sans.edu/api/getmspatchday/2016-04-12
(or if you prefer json https://isc.sans.edu/api/getmspatchday/2016-04-12?json )
Keywords:
5 comment(s)
My next class:
Network Monitoring and Threat Detection In-Depth | Singapore | Nov 18th - Nov 23rd 2024 |
×
Diary Archives
Comments
Anonymous
Apr 13th 2016
8 years ago
'The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 do not properly establish an RPC channel, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "Windows SAM and LSAD Downgrade Vulnerability" or "BADLOCK."'
-- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0128
Anonymous
Apr 13th 2016
8 years ago
Really? MS14-043 was published two years ago.-P
Did anybody notice that MS16-045 was originally scheduled for the March 2016 patchday but didn't make it then?
Anonymous
Apr 13th 2016
8 years ago
Why is M16-049 rated as N/A on client side and Important on Server, if the only affected OS is Windows 10?
Shouldn't it be the opposite? Important on client and N/A on Server?
Anonymous
Apr 13th 2016
8 years ago
"Until further notice, if you have not already installed this update, do not install KB3148812"
http://blogs.technet.com/b/wsus/archive/2016/04/22/what-you-need-to-know-about-kb3148812-part-two.aspx
Anonymous
Apr 25th 2016
8 years ago