Reboots Keep Security Officers Busy

By Robert Brown

In Microsoft’s November Patch Tuesday, there are 12 security bulletins that resolve more than 80 individual vulnerabilities. Four of these updates are “Critical” with the remaining eight marked as “Important.”

Security officers beware! This baseline contains numerous updates that have a vulnerability impact of Remote Code Execution or Elevation of Privilege, which are often exposed by users rather than seen as a failure in technology. It is critical to pay close attention to the number of reboots required in this release.

James Rowney, service manager, Verismic Software, adds, “The number of reboots is significantly high in this public release. If you deploy these patches to the systems in your network, you must reboot. Otherwise, the vulnerability remains a problem. In this process, remember, communication is vital to minimize user impact.”

Although it was initially marked as “Important,” we are on the lookout for the bulletin whose vulnerability impact is “Security Feature Bypass.” We understand this affects the internal security password database of all Microsoft operating systems. With such a large range of operating systems available, this patch warrants an even higher priority than the severity suggests.

It’s not the first time Microsoft has changed its mind and increased the severity post release. If elevated to critical, be sure to deploy this patch as soon as possible.

For Windows 10 users, the “Threshold 10” improves security, adds features and fixes some bugs; however, some users will not be happy with Microsoft for ending its “unlimited OneDrive Storage” promise.

The most important updates this month are MS15-112 and MS15-113. They can be exposed by a user accessing a website or opening a specially crafted document. It is important to note that they require a reboot. Experience has taught us well that the closer we get to the holiday season, the more likely our users will be launching innocent-looking websites.

UPDATES

MS15-112 (Impact: Remote Code Execution, Restart Requirement: Requires restart, Severity Rating: Critical)

  • This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploits the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

MS15-113 (Impact: Remote Code Execution, Restart Requirement: Requires restart, Severity Rating: Critical)

  • This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploits the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

MS15-114 (Impact: Remote Code Execution, Restart Requirement: May require restart, Severity Rating: Critical)

  • This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted Journal file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS15-115 (Impact: Remote Code Execution, Restart Requirement: Requires restart, Severity Rating: Critical)

  • This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker convinces a user to open a specially crafted document or to visit an untrusted webpage that contains embedded fonts.

MS15-116 (Impact: Remote Code Execution, Restart Requirement: May require restart, Severity Rating: Important)

  • This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploits the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

MS15-117 (Impact: Elevation of Privilege, Restart Requirement: Requires restart, Severity Rating: Important)

  • This security update resolves a vulnerability in Microsoft Windows NDIS. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application.

MS15-118 (Impact: Elevation of Privilege, Restart Requirement: Does not require restart, Severity Rating: Important)

  • This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if an attacker convinces a user to navigate to a compromised website or open a link in a specially crafted email that is designed to inject client-side code into the user’s browser.

MS15-119 (Impact: Elevation of Privilege, Restart Requirement: Requires restart, Severity Rating: Important)

  • This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a target system and runs specially crafted code that is designed to exploit the vulnerability.

MS15-120 (Impact: Denial of Service, Restart Requirement: May require restart, Severity Rating: Important)

  • This security update resolves a denial-of-service vulnerability in Microsoft Windows. An attacker who successfully exploits the vulnerability could cause the server to become nonresponsive. To exploit the vulnerability, an attacker must have valid credentials.

MS15-121 (Impact: Spoofing, Restart Requirement: Requires restart, Severity Rating: Important)

  • This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow spoofing if an attacker performs a man-in-the-middle (MiTM) attack between a client and a legitimate server.

MS15-123 (Impact: Information Disclosure, Restart Requirement: May require restart, Severity Rating: Important)

  • This security update resolves a vulnerability in Skype for Business and Microsoft Lync. The vulnerability could allow information disclosure if an attacker invites a target user to an instant-message session and then sends that user a message containing specially crafted JavaScript content.

MS15-122 (Impact: Security Feature Bypass, Restart Requirement: Requires restart, Severity Rating: Important)

  • This security update resolves a security feature bypass in Microsoft Windows. An attacker could bypass Kerberos authentication on a target machine and decrypt drives protected by BitLocker. The bypass is exploited only if the target system has BitLocker enabled without a PIN or USB key, the computer is domain-joined, and the attacker has physical access to the computer.

Robert Brown is director of services at Verismic Software. During his 10+ years with the brand, his role has evolved from onsite technical consultant through to his current role.

